2971 matches found
CVE-2023-41678
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request...
CVE-2023-36639
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...
Double free
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request...
Format string
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...
CVE-2023-41678
CVE-2023-41678 centers on a double-free in Fortinet FortiOS (7.0.0–7.0.5) and FortiPAM (1.0.0–1.0.3, 1.1.0–1.1.1) that allows an attacker to execute arbitrary code or commands via a specially crafted request. Affected components include FortiOS’s HTTPSd daemon and FortiPAM. The exploitation impac...
CVE-2023-36639
CVE-2023-36639 describes a vulnerability where an externally-controlled format string could allow remote code execution in Fortinet FortiProxy, FortiOS, and FortiPAM. Affected are FortiProxy 7.2.0–7.2.4, 7.0.0–7.0.10; FortiOS 7.4.0, 7.2.0–7.2.4, 7.0.0–7.0.11, 6.4.0–6.4.12, 6.2.0–6.2.15, 6.0.0–6.0...
Fortinet FortiProxy Format String Error Vulnerability
Fortinet FortiProxy is a secure network proxy from Fortinet that protects employees from cyberattacks by combining multiple detection technologies such as Web filtering, DNS filtering, DLP, anti-virus, intrusion prevention, and advanced threat protection. FortiProxy helps reduce bandwidth...
Fortinet FortiOS Access Control Error Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. An Access Control Error...
Fortinet FortiOS Resource Management Error Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and antispam security features. Fortinet FortiOS, FortiPAM A resource...
PT-2023-28043 · Fortinet · Fortipam +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.0.0 through 7.0.5; FortiPAM versions 1.0.0 through 1.0.3; FortiPAM versions 1.1.0 through 1.1.1. Description: A double free in Fortinet FortiOS and FortiPAM allows an attacker to execute unauthorized code or commands...
PT-2023-7704 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.0, 7.0.13 and below, 6.4.14 and below; FortiProxy versions 7.2.3 and below, 7.0.9 and below, 2.0.12 and below. Description: The issue is related to improper access control, which may allow a remote unauthenticated attacker ...
PT-2023-7697 · Fortinet · Fortiproxy +2
Name of the Vulnerable Software and Affected Versions: FortiProxy versions 7.2.0 through 7.2.4; FortiProxy versions 7.0.0 through 7.0.10; FortiOS versions 7.4.0; FortiOS versions 7.2.0 through 7.2.4; FortiOS versions 7.0.0 through 7.0.11; FortiOS versions 6.4.0 through 6.4.12; FortiOS versions 6.2.0...
The vulnerability of the NGFW mode of the FortiOS operating system for FortiGate network devices allows attackers to circumvent existing access restrictions.
The vulnerability of the NGFW mode of the FortiOS network interface controller FortiGate relates to deficiencies in the access control list (ACL) mechanism. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions...
The vulnerability of the FortiOS operating system and the FortiProxy proxy server, related to numerical truncation errors, allows attackers to trigger a service failure.
The vulnerability of the FortiOS operating system and the FortiProxy proxy server is related to numerical truncation errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerability of the FortiOS operating system and the FortiProxy proxy server, which lacks integrity checks, allows attackers to load arbitrary images onto the device.
The vulnerability of the FortiOS operating system and the FortiProxy proxy server is related to the lack of integrity checks. Exploiting this vulnerability allows an attacker to load arbitrary images onto the device...
The vulnerability of the FortiOS operating system lies in its failure to handle CRLF sequences in HTTP headers, allowing attackers to inject arbitrary HTTP headers.
The vulnerability of the FortiOS operating system is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote attacker to inject arbitrary HTTP headers...
The vulnerability in the FortiOS operating system’s web interface allows attackers to circumvent existing security restrictions through brute-force attacks.
The vulnerability of the FortiOS operating system’s web interface is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions through brute-force attacks...