2971 matches found
CVE-2023-44250
An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests...
Privilege escalation
An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests...
CVE-2023-44250
CVE-2023-44250 describes an improper privilege management (CWE-269) in Fortinet FortiOS HA clusters (versions 7.4.0–7.4.1 and 7.2.5) and FortiProxy HA clusters (7.4.0–7.4.1). An authenticated attacker can perform elevated actions via crafted HTTP(S) requests. The CVSS v3.1 base score is 8.8 (Netw...
CVE-2023-44250
An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests...
CVE-2023-44250
An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests...
Fortinet FortiOS Security Vulnerabilities
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists i...
Fortinet Releases Security Updates for FortiOS and FortiProxy
Fortinet has released a security update to address a vulnerability in FortiOS and FortiProxy software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the FG-IR-23-315 FortiOS & FortiProxy - Improper...
Fortinet Fortigate Improper authorization for HA requests (FG-IR-23-315)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-315 advisory. - An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2...
PT-2024-1008 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.5 through 7.4.1 FortiProxy versions 7.4.0 through 7.4.1 Description: An improper privilege management issue allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. This can...
The vulnerability of the FortiOS operating systems and the FortiProxy proxy server, related to vulnerabilities in access control, allows attackers to bypass security restrictions.
The vulnerabilities of the FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks are related to deficiencies in access control. Exploiting these vulnerabilities allows a malicious actor to circumvent security restrictions by synchronizing publicly...
The vulnerability of HTTPSd on FortiOS operating systems, the FortiProxy proxy server for protecting against internet attacks, and the FortiPAM identity management system allows a perpetrator to execute arbitrary code or commands.
The vulnerability of HTTPSd in FortiOS operating systems, along with the FortiProxy proxy server for protecting against internet attacks, and the FortiPAM identity management system, is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a malicious actor to...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS, as used in FortiProxy and FortiPAM. An unauthenticated malicious person could exploit the vulnerability with reference CVE-2023-47536 to exploit a security measure to bypass and route traffic through the system that should not be allowed should be...
CVE-2023-47536
An improper access control vulnerability CWE-284 in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny...
CVE-2023-47536
An improper access control vulnerability CWE-284 in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny...
Improper access control
An improper access control vulnerability CWE-284 in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny...
CVE-2023-47536
An improper access control vulnerability CWE-284 in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny...
CVE-2023-47536
CVE-2023-47536 affects FortiOS (7.2.0, 7.0.13 and below, 6.4.14 and below) and FortiProxy (7.2.3 and below, 7.0.9 and below, 2.0.12 and below). The issue is an improper access control (CWE-284) that may allow a remote unauthenticated attacker to bypass the firewall geolocation policy by timing th...
CVE-2023-47536
An improper access control vulnerability CWE-284 in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny...
CVE-2023-41678
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request...
CVE-2023-41678
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request...