2971 matches found

The Hacker News
added 2024/03/14 4:21 a.m., 98 views

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiClientEMS may allow a...

CVSS 9.8 | AI score 9.8 | EPSS 0.94078
Exploits: 4

Packet Storm
added 2024/03/14 12:0 a.m., 996 views

Fortinet FortiOS Out-Of-Bounds Write

CVE-2024-21762 out-of-bounds write in Fortinet FortiOS CVE-2024-21762 vulnerability Vulnerability ===== FortiGate released a version update in February, fixing multiple medium- and high-risk vulnerabilities. One of the severe-level vulnerabilities is an unauthorized out-of-bounds write...

CVSS 9.8 | AI score 7.4 | EPSS 0.92673
Exploits: 17

BDU FSTEC
added 2024/03/14 12:0 a.m., 2 views

Vulnerability of FortiOS operating systems and FortiProxy proxy servers in protecting against Internet attacks, related to operations occurring outside of the buffer in memory, allowing attackers to execute arbitrary code.

The vulnerability of the FortiOS operating systems and the proxy server used for protection against Internet attacks is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially...

CVSS 10 | AI score 8.7 | EPSS 0.28282
Exploits: 0 | References: 3 | Affected Software: 2

CNVD
added 2024/03/14 12:0 a.m., 11 views

Fortinet FortiOS and FortiProxy Buffer Overflow Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A buffer overflow vulnerability...

CVSS 8.1 | AI score 7.7 | EPSS 0.00131
Exploits: 0 | References: 1

BDU FSTEC
added 2024/03/14 12:0 a.m., 1 view

The vulnerability of the SSL-VPN component for FortiOS operating systems and proxy servers, which allows attackers to gain unauthorized access to another user’s web pages.

The vulnerability of the SSL-VPN component for FortiOS operating systems and FortiProxy proxy servers relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to gain unauthorized access to another user’s web page by manipulating the URL...

CVSS 8 | AI score 7.4 | EPSS 0.00056
Exploits: 0 | References: 3 | Affected Software: 2

GithubExploit
added 2024/03/13 9:17 a.m., 165 views

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2024-21762 out-of-bounds write in Fortinet FortiOS CVE-20...

CVSS 9.8 | AI score 10 | EPSS 0.92673
Exploits: 17

CNVD
added 2024/03/13 12:0 a.m., 14 views

Fortinet FortiOS and FortiProxy Null Pointer Dereference Vulnerability

Fortinet FortiOS is a Fortinet security operating system on the FortiGate network security platform. Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining a variety of detection technologies such as Web filtering, DNS filtering, DLP, anti-virus,...

CVSS 7.5 | AI score 6.7 | EPSS 0.00466
Exploits: 0 | References: 1

CNVD
added 2024/03/13 12:0 a.m., 25 views

Fortinet FortiOS and FortiProxy Null Pointer Dereference Vulnerability (CNVD-2024-13092)

Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining a variety of detection technologies, such as Web filtering, DNS filtering, DLP, anti-virus,...

CVSS 6.5 | AI score 6.7 | EPSS 0.00656
Exploits: 0 | References: 1

NCSC
added 2024/03/13 12:0 a.m., 3 views

Vulnerabilities fixed in Fortinet FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary code, gain access to sensitive data or to elevate privileges. The vulnerability with reference CVE-2024-23112 applies to FortiOS and FortiProxy SSLVPN, and allows...

CVSS 9.8 | AI score 7.2 | EPSS 0.28282
Exploits: 0

CNVD
added 2024/03/13 12:0 a.m., 26 views

Formatting String Error Vulnerability in Multiple Fortinet Products

Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining a variety of detection technologies, such as Web filtering, DNS filtering, DLP, anti-virus,...

CVSS 8.8 | AI score 7.9 | EPSS 0.00363
Exploits: 0 | References: 1

OSV
added 2024/03/12 3:15 p.m., 1 view

CVE-2024-23112

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2024/03/12 3:15 p.m., 20 views

CVE-2024-23112

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...

CVSS 8 | AI score 7.9 | EPSS 0.00056
Exploits: 0 | References: 1

OSV
added 2024/03/12 3:15 p.m., 1 view

CVE-2023-46717

An improper authentication vulnerability CWE-287 in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts...

CVSS 8.8 | AI score 5.8 | EPSS 0.00229
Exploits: 0 | References: 1

NVD
added 2024/03/12 3:15 p.m., 19 views

CVE-2023-42789

An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via...

CVSS 9.8 | AI score 9.8 | EPSS 0.28282
Exploits: 0 | References: 1

NVD
added 2024/03/12 3:15 p.m., 9 views

CVE-2023-46717

An improper authentication vulnerability CWE-287 in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts...

CVSS 8.8 | AI score 8.4 | EPSS 0.00229
Exploits: 0 | References: 1

Prion
added 2024/03/12 3:15 p.m., 19 views

Authorization

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...

CVSS 4 | AI score 7.2 | EPSS 0.00056
Exploits: 0 | References: 1

Prion
added 2024/03/12 3:15 p.m., 35 views

Cross site scripting

An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via...

CVSS 7.5 | AI score 9.7 | EPSS 0.28282
Exploits: 0 | References: 1

Prion
added 2024/03/12 3:15 p.m., 46 views

Stack overflow

A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands...

CVSS 5.1 | AI score 8.8 | EPSS 0.00131
Exploits: 0 | References: 1

Prion
added 2024/03/12 3:15 p.m., 21 views

Authentication flaw

An improper authentication vulnerability CWE-287 in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts...

CVSS 4.6 | AI score 7.7 | EPSS 0.00229
Exploits: 0 | References: 1

CVE
added 2024/03/12 3:9 p.m., 61 views

CVE-2023-46717

CVE-2023-46717 describes an improper authentication vulnerability (CWE-287) in FortiOS when FortiAuthenticator is configured in HA. Affects FortiOS versions 7.4.1 and below, 7.2.6 and below, and 7.0.12 and below. The issue may allow a read-only user to gain read-write access through successive lo...

CVSS 8.8 | AI score 7.7 | EPSS 0.00229
Exploits: 0 | References: 1 | Affected Software: 1