2965 matches found
CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...
Fortinet FortiOS Security Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the U.S. company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...
Fortinet Fortigate Multipart Form Data DoS (FG-IR-24-219)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-219 advisory. - An allocation of resources without limits or throttling vulnerability CWE-770 in FortiOS versions 7.4.0 through 7.4.4,...
CVE-2020-12820
Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon fcnacd and potentially execute arbitrary code via requesting a large FortiClien...
The vulnerability of the SSL VPN remote access technology for FortiOS operating systems allows a hacker to execute arbitrary code or commands.
The vulnerability of the SSL VPN remote access technology for FortiOS operating systems relates to the interception of user sessions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands remotely...
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
cve-2024-21762-poc CVE-2024-21762 is a critical vulnerability...
The vulnerability of the FortiOS operating system, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE is related to improperly implemented security checks for standard elements, allowing attackers to carry out phishing attacks.
The vulnerability of the FortiOS operating system, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a...
The vulnerabilities of the Fortinet FortiManager software for centralized device management, the FortiPAM system for account management, the FortiProxy proxy server for protecting against internet attacks, the FortiSwitchManager local management platform, the Fortinet FortiPortal security analytics and management tool, and the FortiOS operating system, allow attackers to send network packets to internal resources.
The vulnerabilities of the Fortinet FortiManager software for centralized device management, the FortiPAM system for account management, the FortiProxy proxy server for protecting against internet attacks, the FortiSwitchManager local management platform, the Fortinet FortiPortal security analyti...
Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy
FortiOS and FortiProxy Format String Vulnerability to RCE CV...
Fortinet FortiOS Access Control Error Vulnerability (CNVD-2024-49648)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. An access control error...
Vulnerability of Fortinet FortiOS operating system graphical interfaces and FortiProxy proxy servers for protecting against Internet attacks, allowing attackers to execute XSS attacks.
The vulnerability of Fortinet’s FortiOS operating system graphical interface and its FortiProxy proxy server for protecting against Internet attacks is related to improper handling of input data during the creation of web pages. Exploiting this vulnerability allows a malicious actor to execute XS...
CVE-2024-33510
An improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability CWE-74 in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below;...
CVE-2024-26011
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0....
CVE-2023-50176
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows an attacker to execute unauthorized code or commands via a phishing SAML authentication link...
CVE-2024-26011
CVE-2024-26011 is a missing authentication for a critical function affecting Fortinet FortiManager (versions 6.4.0–6.4.14, 7.0.0–7.0.11, 7.2.0–7.2.4, 7.4.0–7.4.2), FortiPAM (1.0.0–1.0.3, 1.1.0–1.1.2, 1.2.0), FortiProxy (1.0.0–1.0.7, 1.1.0–1.1.6, 1.2.0–1.2.13, 2.0.0–2.0.14, 7.0.0–7.0.17, 7.2.0–7.2...