
2965 matches found

Cvelist
added 2024/11/12 6:53 p.m. · 17 views

CVE-2024-26011

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0....

5.3 CVSS · 0.00069 EPSS
Exploits 0 · References 1

CVE
added 2024/11/12 6:53 p.m. · 52 views

CVE-2024-33510

Fortinet CVE-2024-33510 targets FortiOS versions <=7.4.3, <=7.2.8, <=7.0.16 and FortiProxy <=7.4.3, <=7.2.9,

4.3 CVSS · 7.1 AI score · 0.00484 EPSS
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2024/11/12 6:53 p.m. · 21 views

CVE-2024-33510

An improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability CWE-74 in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below;...

4.3 CVSS · 0.00484 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/12 6:53 p.m. · 14 views

CVE-2024-33510

An improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability CWE-74 in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below;...

4.3 CVSS · 7.1 AI score · 0.00484 EPSS
Exploits 0 · References 1

Cvelist
added 2024/11/12 6:53 p.m. · 27 views

CVE-2023-50176

A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link...

7.5 CVSS · 0.00256 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/12 6:53 p.m. · 19 views

CVE-2023-50176

A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link...

7.5 CVSS · 7.7 AI score · 0.00256 EPSS
Exploits 0 · References 1

CVE
added 2024/11/12 6:53 p.m. · 80 views

CVE-2023-50176

Fortinet FortiOS 7.0.0–7.0.13, 7.2.0–7.2.7, and 7.4.0–7.4.3 are affected by CVE-2023-50176, a session-fixation flaw that enables an attacker to execute unauthorized code or commands via a phishing SAML authentication link. Multiple connected sources (Red Hat, CNVD, CVE/CVEList, NVD, PT Security) ...

8.8 CVSS · 7.8 AI score · 0.00256 EPSS
Exploits 0 · References 1 · Affected Software 1

CISA
added 2024/11/12 12:0 p.m. · 4 views

Fortinet Releases Security Updates for Multiple Products

Fortinet has released security updates to address vulnerabilities in multiple products, including FortiOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply...

7.7 AI score
Exploits 0 · References 4

CNNVD
added 2024/11/12 12:0 a.m. · 1 views

Fortinet multiple products access control error vulnerability

Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiPortal is an advanced, feature-rich, hosted...

9.8 CVSS · 6.8 AI score · 0.00069 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/11/12 12:0 a.m. · 1 views

PT-2024-8521 · Fortinet · Fortimanager +5

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 6.4.0 through 6.4.14 Fortinet FortiManager versions 7.0.0 through 7.0.11 Fortinet FortiManager versions 7.2.0 through 7.2.4 Fortinet FortiManager versions 7.4.0 through 7.4.2 Fortinet FortiPAM version 1.0.0...

9.8 CVSS · 8 AI score · 0.00069 EPSS
Exploits 0 · References 7

CNNVD
added 2024/11/12 12:0 a.m. · 1 views

Fortinet FortiOS and Fortinet FortiProxy security feature issue vulnerability

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...

4.3 CVSS · 6.5 AI score · 0.00484 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-8522 · Fortinet · Fortiproxy +2

Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.4 FortiProxy versions prior to 7.4.4 FortiSASE version 24.2.b and earlier Description: The issue is related to an improper neutralization of special elements in output used by a downstream component, which may...

5 CVSS · 7 AI score · 0.00484 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2024/11/12 12:0 a.m. · 12 views

Fortinet Fortigate SSLVPN WEB UI Text injection (FG-IR-24-033)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-033 advisory. - An improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability CWE-74 in...

4.3 CVSS · 5.6 AI score · 0.00484 EPSS
Exploits 0 · References 2

CNNVD
added 2024/11/12 12:0 a.m. · 1 views

Fortinet FortiOS authorization issue vulnerability

Fortinet FortiOS is a security operating system from the American company Fortinet, dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. An access control error...

8.8 CVSS · 7.4 AI score · 0.00256 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-8775 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.0.0 through 7.0.13 Fortinet FortiOS versions 7.2.0 through 7.2.7 Fortinet FortiOS versions 7.4.0 through 7.4.3 Description: A session fixation issue in Fortinet FortiOS allows an attacker to execute unauthorized co...

8.8 CVSS · 8.5 AI score · 0.00256 EPSS
Exploits 0 · References 11

Tenable Nessus
added 2024/10/28 12:0 a.m. · 8 views

Fortinet Fortigate Access to NULL pointer in SSL VPN portal (FG-IR-22-086)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-086 advisory. - An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 throug...

7.5 CVSS · 7.4 AI score · 0.00711 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/27 12:0 a.m. · 7 views

Fortinet Fortigate MFA bypass by changing username case (FG-IR-19-283)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-19-283 advisory. - An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user...

9.8 CVSS · 8.7 AI score · 0.41912 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2024/10/27 12:0 a.m. · 19 views

Fortinet Fortigate Hardcoded symmetric key in fips.c (FG-IR-19-007)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-19-007 advisory. - Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an...

7.5 CVSS · 6.8 AI score · 0.72223 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2024/10/27 12:0 a.m. · 8 views

Fortinet Fortigate xss (FG-IR-21-230)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-230 advisory. - An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.0.3 and below, 6.4...

6.1 CVSS · 6.2 AI score · 0.00677 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/27 12:0 a.m. · 6 views

Fortinet Fortigate Lack of certificate verification when establishing secure connections to external end-points (FG-IR-21-239)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-239 advisory. - An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 throu...

5.4 CVSS · 5.8 AI score · 0.00102 EPSS
Exploits 0 · References 2