
2971 matches found

GithubExploit
added 2024/06/27 6:52 p.m. | 97 views

Exploit for Use of Password Hash With Insufficient Computational Effort in Fortinet Fortiproxy

FortiOS and FortiProxy Password Hashing Vulnerability to RCE...

CVSS 4.4 | AI score 7.2 | EPSS 0.04903
Exploits: 1
BDU FSTEC
added 2024/06/18 12:00 a.m. | 1 view

The vulnerability of the command-line interface of FortiOS operating systems and the FortiProxy proxy server, which allows a hacker to decrypt the backup file.

The vulnerability of the command-line interface of FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks is related to insufficient calculation of password hashes. Exploiting this vulnerability can allow attackers to decrypt the backup file...

CVSS 1.8 | AI score 7.2 | EPSS 0.04903
Exploits: 1 | References: 3 | Affected Software: 2
BDU FSTEC
added 2024/06/18 12:00 a.m. | 1 view

The vulnerability of the command-line interface of FortiOS operating systems allows a hacker to execute arbitrary commands.

The vulnerability of the command-line interface of FortiOS operating systems relates to operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

CVSS 6.7 | AI score 7.7 | EPSS 0.00066
Exploits: 0 | References: 3 | Affected Software: 1
NCSC
added 2024/06/14 9:59 a.m. | 9 views

Vulnerability fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to execute arbitrary code on the vulnerable system through a Cross-Site-Scripting attack, or through SQL-Injection. Also, a malicious party can bypass security measures and thus allow traffic to pass...

CVSS 7.8 | AI score 8 | EPSS 0.04903
Exploits: 1 | References: 6
BDU FSTEC
added 2024/06/14 12:00 a.m. | 1 view

The vulnerability of FortiOS operating system’s command-line interpreter, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of FortiOS command-line interpreter is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by introducing specially crafted command-line arguments...

CVSS 7.8 | AI score 6.4 | EPSS 0.00138
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2024/06/14 12:00 a.m. | 7 views

Fortinet FortiOS Command Execution Vulnerability (CNVD-2024-29330)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. Fortinet FortiOS suffers from a...

CVSS 7.8 | AI score 7.5 | EPSS 0.00138
Exploits: 0 | References: 1
VulnCheck KEV
added 2024/06/13 12:00 a.m. | 0 views

VulnCheck KEV: CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

CVSS 4.4 | AI score 5.8 | EPSS 0.04903
Exploits: 1 | References: 1
OSV
added 2024/06/11 3:16 p.m. | 1 view

CVE-2024-26010

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0...

CVSS 7.5 | AI score 7.6 | EPSS 0.00232
Exploits: 0 | References: 1
NVD
added 2024/06/11 3:16 p.m. | 24 views

CVE-2024-23110

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands...

CVSS 7.8 | EPSS 0.00138
Exploits: 0 | References: 1
NVD
added 2024/06/11 3:16 p.m. | 19 views

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

CVSS 6.8 | EPSS 0.0024
Exploits: 0 | References: 1
OSV
added 2024/06/11 3:16 p.m. | 2 views

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

CVSS 4.8 | AI score 7.3 | EPSS 0.0024
Exploits: 0 | References: 1
OSV
added 2024/06/11 3:16 p.m. | 1 view

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

CVSS 4.4 | AI score 7.1
Exploits: 0 | References: 1
NVD
added 2024/06/11 3:16 p.m. | 40 views

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

CVSS 4.4 | EPSS 0.04903
Exploits: 1 | References: 1
OSV
added 2024/06/11 3:16 p.m. | 1 view

CVE-2024-23110

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands...

CVSS 7.8 | AI score 6.3
Exploits: 0 | References: 1
NVD
added 2024/06/11 3:15 p.m. | 31 views

CVE-2023-46720

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands...

CVSS 7.8 | EPSS 0.00066
Exploits: 0 | References: 1
OSV
added 2024/06/11 3:15 p.m. | 1 view

CVE-2023-46720

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands...

CVSS 7.8 | AI score 6.3
Exploits: 0 | References: 1
CVE
added 2024/06/11 2:32 p.m. | 81 views

CVE-2024-26010

CVE-2024-26010 is a stack-based buffer overflow affecting multiple Fortinet products (FortiPAM, FortiWeb, FortiAuthenticator, FortiSwitchManager, FortiOS, FortiProxy, etc.) across many versions. The underlying flaw allows an attacker to execute unauthorized code or commands via specially crafted ...

CVSS 7.5 | AI score 8 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/06/11 2:32 p.m. | 71 views

CVE-2024-26010

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0...

CVSS 7.5 | EPSS 0.00232
Exploits: 0 | References: 1
CVE
added 2024/06/11 2:32 p.m. | 101 views

CVE-2024-21754

Fortinet CVE-2024-21754 is a CWE-916 issue affecting FortiOS up to 7.4.3 (and 7.2/7.0/6.4) and FortiProxy up to 7.4.2 (and 7.2/7.0/2.0). The root cause is password hashes with insufficient computational effort, enabling a privileged attacker with super-admin CLI access to decrypt backup files. Ex...

CVSS 4.4 | AI score 7 | EPSS 0.04903
Exploits: 1 | References: 1 | Affected Software: 2
Vulnrichment
added 2024/06/11 2:32 p.m. | 22 views

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

CVSS 1.8 | AI score 7.2 | EPSS 0.04903
Exploits: 1 | References: 1