2973 matches found

OSV
added 2023/10/10 5:15 p.m. | 2 views

CVE-2023-41841

An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions...

CVSS 8.8 | AI score 5.8 | EPSS 0.00244
Exploits: 0 | References: 1
NVD
added 2023/10/10 5:15 p.m. | 10 views

CVE-2023-33301

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host...

CVSS 6.5 | AI score 6.7 | EPSS 0.00131
Exploits: 0 | References: 1
OSV
added 2023/10/10 5:15 p.m. | 2 views

CVE-2023-33301

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host...

CVSS 4.3 | AI score 5.8 | EPSS 0.00131
Exploits: 0 | References: 1
Prion
added 2023/10/10 5:15 p.m. | 17 views

Improper access control

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host...

CVSS 4 | AI score 4.6 | EPSS 0.00131
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/10/10 5:15 p.m. | 21 views

Design/Logic Flaw

An improper neutralization of script-related html tags in a web page basic xss in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components...

CVSS 4.9 | AI score 6 | EPSS 0.00124
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/10/10 5:15 p.m. | 17 views

Authorization

An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions...

CVSS 6.5 | AI score 8.6 | EPSS 0.00244
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/10/10 5:15 p.m. | 16 views

Design/Logic Flaw

A use after free vulnerability CWE-416 in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching pro...

CVSS 5 | AI score 5.5 | EPSS 0.00402
Exploits: 0 | References: 1 | Affected Software: 2
Prion
added 2023/10/10 5:15 p.m. | 23 views

Cross site request forgery (csrf)

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services...

CVSS 5 | AI score 7.4 | EPSS 0.00192
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/10/10 4:51 p.m. | 11 views

CVE-2023-37935

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services...

CVSS 6.5 | AI score 7.6 | EPSS 0.00192
Exploits: 0 | References: 1
Vulnrichment
added 2023/10/10 4:51 p.m. | 12 views

CVE-2023-37935

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services...

CVSS 6.5 | AI score 6.6 | EPSS 0.00192
Exploits: 0 | References: 1
CVE
added 2023/10/10 4:51 p.m. | 77 views

CVE-2023-37935

Fortinet FortiOS SSL VPN contains CVE-2023-37935: a vulnerability where GET requests with sensitive query strings can expose plaintext passwords for remote services (e.g., RDP/VNC). Affected: FortiOS versions 7.0.0–7.0.12, 7.2.0–7.2.5, and 7.4.0. Root cause: GET request handling allows leakage of...

CVSS 7.5 | AI score 7.3 | EPSS 0.00192
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/10/10 4:49 p.m. | 47 views

CVE-2023-41675

CVE-2023-41675 is a use-after-free vulnerability in Fortinet FortiOS and FortiProxy that can be triggered by crafted packets reaching proxy rules with proxy mode and SSL deep packet inspection. Affected: FortiOS 7.2.0–7.2.4 and 7.0.0–7.0.10; FortiProxy 7.2.0–7.2.2 and 7.0.0–7.0.8. Impact: unauthe...

CVSS 5.3 | AI score 5.4 | EPSS 0.00402
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2023/10/10 4:49 p.m. | 13 views

CVE-2023-41675

A use after free vulnerability CWE-416 in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching pro...

CVSS 5.3 | AI score 5.7 | EPSS 0.00402
Exploits: 0 | References: 1
Vulnrichment
added 2023/10/10 4:49 p.m. | 14 views

CVE-2023-41675

A use after free vulnerability CWE-416 in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching pro...

CVSS 5.3 | AI score 7.1 | EPSS 0.00402
Exploits: 0 | References: 1
Cvelist
added 2023/10/10 4:49 p.m. | 14 views

CVE-2023-41841

An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions...

CVSS 8.1 | AI score 8.9 | EPSS 0.00244
Exploits: 0 | References: 1
CVE
added 2023/10/10 4:49 p.m. | 74 views

CVE-2023-41841

CVE-2023-41841 affects Fortinet FortiOS WEB UI in FortiOS 7.0.0–7.0.11 and 7.2.0–7.2.4, where an attacker with prof-admin privileges can perform elevated actions due to improper authorization. The NVD entry lists a CVSSv3.1 base score of 8.8 (HIGH) with NETWORK attack vector and LOW privileges re...

CVSS 8.8 | AI score 8.6 | EPSS 0.00244
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/10/10 4:49 p.m. | 16 views

CVE-2023-41841

An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions...

CVSS 8.1 | AI score 6.8 | EPSS 0.00244
Exploits: 0 | References: 1
Vulnrichment
added 2023/10/10 4:48 p.m. | 17 views

CVE-2023-36555

An improper neutralization of script-related html tags in a web page basic xss in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components...

CVSS 3.9 | AI score 7.4 | EPSS 0.00124
Exploits: 0 | References: 1
CVE
added 2023/10/10 4:48 p.m. | 47 views

CVE-2023-36555

CVE-2023-36555 is an XSS vulnerability in Fortinet FortiOS 7.2.0–7.2.4 where improper neutralization of script-related HTML tags in the FortiSAML/Security Fabric context can allow a remote attacker to run unauthorized code via crafted requests. The CVE entry is corroborated by multiple sources (N...

CVSS 5.4 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/10/10 4:48 p.m. | 16 views

CVE-2023-36555

An improper neutralization of script-related html tags in a web page basic xss in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components...

CVSS 3.9 | AI score 6 | EPSS 0.00124
Exploits: 0 | References: 1