2971 matches found
CVE-2023-46717
An improper authentication vulnerability CWE-287 in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts...
CVE-2023-42789
An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands via...
CVE-2023-42789
Summary (CVE-2023-42789): An out-of-bounds write in Fortinet FortiOS and FortiProxy allows remote unauthenticated code execution via specially crafted HTTP requests, mainly via the captive portal. Affected FortiOS: 6.2.0–6.2.15, 6.4.0–6.4.14, 7.0.0–7.0.12, 7.2.0–7.2.5, 7.4.0–7.4.1. Affected FortiPr...
CVE-2023-42790
A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands...
CVE-2024-23112
An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...
CVE-2023-42790
CVE-2023-42790 is a remote code execution risk due to a stack-based buffer overflow in Fortinet FortiOS and FortiProxy. Affected versions include FortiOS 6.2.0–6.2.15, 6.4.0–6.4.14, 7.0.0–7.0.12, 7.2.0–7.2.5, 7.4.0–7.4.1 and FortiProxy 2.0.0–2.0.13, 7.0.0–7.0.12, 7.2.0–7.2.6, 7.4.0. Exploitation ...
CVE-2024-23112
This CVE affects Fortinet FortiOS and FortiProxy SSL-VPN bookmarks. The affected component is the SSL-VPN bookmark handling, where an authenticated attacker may bypass authorization via URL manipulation to access another user’s bookmarks. Affected FortiOS/FortiProxy versions include: FortiOS 6.4.7...
Fortinet Releases Security Updates for Multiple Products
Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary...
PT-2024-2445 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS affected versions not specified Description: The issue is related to a bypass of authorization in the FortiOS operating system, which can be exploited by using a user-controlled key. This could allow a remote attacker to gain...
Fortinet FortiOS Authorization Issues Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam. An authorization issue...
Fortinet Fortigate Improper authentication following read-only user login (FG-IR-23-424)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-424 advisory. - An improper authentication vulnerability CWE-287 in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and version...
Fortinet FortiOS Buffer Error Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A buffer overflow vulnerability...
Fortinet FortiOS and FortiProxy Security Vulnerabilities
Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...
Fortinet FortiOS Security Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A buffer overflow vulnerability...
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
PT-2024-2091 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.7 through 6.4.14 FortiOS versions 7.0.1 through 7.0.13 FortiOS versions 7.2.0 through 7.2.6 FortiOS versions 7.4.0 through 7.4.1 FortiProxy versions 7.0.0 through 7.0.14 FortiProxy versions 7.2.0 through 7.2.8 FortiProxy...