An insufficient session expiration (CWE-613) vulnerability in the FortiOS REST API may allow an attacker to keep a secure websocket session active after user deletion...
Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw
No less than 330,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that has come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a report published last week, said that out of nearly 490,000...
A vulnerability in the Fclicense daemon of the FortiOS operating system allows an attacker to execute arbitrary code.
The vulnerability in the Fclicense daemon of the FortiOS operating system is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted requests...
A vulnerability in the FortiOS operating system and the FortiProxy proxy server for protection against Internet attacks, related to errors in the certificate validation process, allows attackers to carry out man-in-the-middle attacks.
The vulnerability in the FortiOS operating system and the FortiProxy proxy server for protection against Internet attacks is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to carry out a man-in-the-middle attack remotely...
A vulnerability in the FortiOS operating system and the FortiProxy proxy server, related to insufficient protection of registration data, allows attackers to expose confidential information.
The vulnerability in the FortiOS operating system and the FortiProxy proxy server for protection against Internet attacks is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to obtain and disclose confidential information...
A vulnerability in the SSL-VPN daemon of the FortiOS operating system, related to a null pointer dereference, allows an attacker to cause a denial of service.
The vulnerability in the SSL-VPN daemon of the FortiOS operating system is related to a null pointer dereference. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted HTTP requests to the /proxy endpoint...
A vulnerability in the SSL-VPN portal of the FortiOS operating system and the FortiProxy proxy server for protection against Internet attacks allows attackers to cause a denial of service.
The vulnerability in the SSL-VPN portal of the FortiOS operating system and the FortiProxy proxy server for protection against Internet attacks is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
Vulnerabilities in the FortiOS operating system, the FortiProxy proxy server for protection against Internet attacks, and the FortiSwitchManager local management platform are related to errors in processing relative paths in the administrative interface. This allows attackers to delete any directories from the file system at will.
The vulnerabilities in the FortiOS operating system, the FortiProxy proxy server for protection against Internet attacks, and the FortiSwitchManager local management platform are related to errors in the processing of relative paths in the administrative interface. Exploiting these vulnerabiliti...
A vulnerability in the FortiOS operating system and the FortiProxy proxy server, related to the transmission of data in cleartext, allows attackers to escalate their privileges.
The vulnerability in the FortiOS operating system and the FortiProxy proxy server for protection against Internet attacks is related to the transmission of data in cleartext. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in FortiWeb web application firewalls, the FortiOS operating system, and the FortiProxy proxy server is related to the execution of a loop with an unreachable exit condition. This allows attackers to cause service interruptions.
The vulnerability in FortiWeb web application firewalls, the FortiOS operating system, and the FortiProxy proxy server for protection against Internet attacks is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow a remote attacker to cause...
A vulnerability in the SSL-VPN portal of the FortiOS operating system and the FortiProxy proxy server for protection against Internet attacks allows attackers to cause a denial of service.
The vulnerability in the SSL-VPN portal of the FortiOS operating system and the FortiProxy proxy server for protection against Internet attacks is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
A vulnerability in the FortiOS operating system and the FortiProxy proxy server, related to writing beyond buffer boundaries in memory, allows attackers to escalate their privileges.
The vulnerability in the FortiOS operating system and the FortiProxy proxy server for protection against Internet attacks is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to escalate their privileges...
Exploit for Out-of-bounds Write in Fortinet Fortios
CVE-2022-42475 Background This is the exploit for the blog...
Fortinet FortiOS Buffer Overflow Vulnerability (CNVD-2024-26327)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A buffer error vulnerability exis...
Exploit for Buffer Underflow in Fortinet Fortiweb
CVE-2023-25610 Insufficient heap memory in the FortiOS manage...
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2023-27997 Vulnerability Assessment Tool Safely detect wh...
CVE-2023-33307
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows an attacker to cause a denial of the sslvpn service via a specifically crafted request in the network parameter...
CVE-2023-33306
A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows an attacker to cause a denial of the sslvpn service via a specifically crafted request in the bookmark parameter...