
2973 matches found

Tenable Nessus
added 2023/06/12 12:0 a.m. · 25 views

Fortinet Fortigate Out-of-bound write in CLI (FG-IR-22-494)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-494 advisory. - An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS versio...

7.8 CVSS · 7.4 AI score · 0.00049 EPSS
Exploits 0 · References 2
Fortinet
added 2023/06/12 12:0 a.m. · 35 views

Protect

A NULL pointer dereference vulnerability CWE-476 in FortiOS may allow a remote unauthenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests...

6.4 AI score · 0.00466 EPSS
Exploits 0 · Affected Software 2
Positive Technologies
added 2023/06/12 12:0 a.m. · 2 views

PT-2023-3230 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.0.0 through 6.0.16 FortiOS versions 6.2.0 through 6.2.14 FortiOS versions 6.4.0 through 6.4.12 FortiOS versions 7.0.0 through 7.0.11 FortiOS versions 7.2.0 through 7.2.4 FortiProxy versions 1.0.0 through 1.0.7 FortiProxy...

7.8 CVSS · 7 AI score · 0.00466 EPSS
Exploits 0 · References 11
Positive Technologies
added 2023/06/12 12:0 a.m. · 2 views

PT-2023-3233 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.0 through 7.2.3 FortiProxy versions 1.0 through 7.2.2 Description: The issue is related to an out-of-bounds write in memory, which can be exploited to allow an attacker to escalate their privileges. This can be achieved via...

7.8 CVSS · 7.7 AI score · 0.00049 EPSS
Exploits 0 · References 6
Fortinet
added 2023/06/12 12:0 a.m. · 40 views

Protect

A cleartext transmission of sensitive information vulnerability CWE-319 in FortiOS & FortiProxy may allow an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other administrators' cookies via diagnose CLI commands...

1.4 CVSS · 4.7 AI score · 0.00025 EPSS
Exploits 0 · Affected Software 2
Positive Technologies
added 2023/06/12 12:0 a.m. · 2 views

PT-2023-3236 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.0.8 FortiOS versions 7.2.0 through 7.2.4 FortiProxy versions 7.0.0 through 7.0.8 FortiProxy versions 7.2.0 through 7.2.1 Description: The issue is related to the cleartext transmission of sensitive information...

7.8 CVSS · 4.5 AI score · 0.00025 EPSS
Exploits 0 · References 9
Fortinet
added 2023/06/12 12:0 a.m. · 29 views

Protect

A NULL pointer dereference vulnerability CWE-476 in FortiOS may allow an authenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests to the /proxy endpoint...

6.2 AI score · 0.00656 EPSS
Exploits 0 · Affected Software 2
Tenable Nessus
added 2023/06/12 12:0 a.m. · 33 views

Fortinet Fortigate Read Only administrator can intercept sensitive data (FG-IR-22-380)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-380 advisory. - A cleartext transmission of sensitive information vulnerability CWE-319 in Fortinet FortiOS version 7.2.0 through 7.2.4,...

7.8 CVSS · 5.2 AI score · 0.00025 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/06/12 12:0 a.m. · 13 views

Fortinet Fortigate Access of uninitialized pointer in administrative interface API (FG-IR-23-095)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-095 advisory. - An access of uninitialized pointer vulnerability CWE-824 in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9...

4.3 CVSS · 5.2 AI score · 0.00196 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/06/12 12:0 a.m. · 39 views

Fortinet Fortigate DoS in firmware upgrade function (FG-IR-22-375)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-375 advisory. - A loop with unreachable exit condition 'infinite loop' in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0...

6.5 CVSS · 6.5 AI score · 0.00219 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/06/11 12:0 a.m. · 5 views

PT-2023-3075

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions prior to 7.2.5 Fortinet FortiOS versions prior to 7.0.12 Fortinet FortiOS versions prior to 6.4.13 Fortinet FortiOS versions prior to 6.0.16 Fortinet FortiProxy versions prior to 7.2.3 Fortinet FortiProxy versions pri...

9.8 CVSS · 8.2 AI score · 0.90846 EPSS
Exploits 9 · References 147
Tenable Nessus
added 2023/05/26 12:0 a.m. · 58 views

Oracle Linux 7 : olcne (ELSA-2023-23649)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-23649 advisory. - CVE-2023-27496 - CVE-2023-27488 - CVE-2023-27493 - CVE-2023-27492 - CVE-2023-27491 - CVE-2023-27487 1.6.1-3 Tenable has extracted the preceding...

9.8 CVSS · 6.7 AI score · 0.00032 EPSS
Exploits 6 · References 7
BDU FSTEC
added 2023/05/17 12:0 a.m. · 1 views

A vulnerability in the SSLVPN service of FortiOS operating systems and of FortiProxy proxy servers for protecting against Internet attacks allows attackers to execute arbitrary commands.

The vulnerability of the SSLVPN service on FortiOS operating systems and FortiProxy proxy servers for protecting against Internet attacks is related to writing data beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending special...

7.5 CVSS · 8.2 AI score · 0.0056 EPSS
Exploits 0 · References 2 · Affected Software 2
Hive Pro Threat Advisories
added 2023/05/08 10:2 a.m. · 10 views

Fortinet addresses Vulnerabilities in FortiADC, FortiOS and FortiProxy

Threat Level Vulnerability Report. Summary: Fortinet has issued security patches for two high-severity vulnerabilities - an OS command vulnerability in FortiADC, and an out-of-bounds write flaw in sslvpnd of FortiOS and FortiProxy. To recei...

7.1 AI score
Exploits 0
NCSC
added 2023/05/08 12:0 a.m. · 2 views

Vulnerabilities fixed in Fortinet products

Fortinet has fixed vulnerabilities in FortiOS, FortiProxy and FortiADC. The vulnerability with reference CVE-2023-22640 relates to FortiOS and FortiProxy and allows an authenticated remote malicious person to execute arbitrary code via specially prepared requests. The...

8.8 CVSS · 7.7 AI score · 0.0056 EPSS
Exploits 0
NVD
added 2023/05/03 10:15 p.m. · 12 views

CVE-2023-22640

An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7,...

8.8 CVSS · 8.3 AI score · 0.0056 EPSS
Exploits 0 · References 1
OSV
added 2023/05/03 10:15 p.m. · 2 views

CVE-2023-22640

An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7,...

8.8 CVSS · 7.4 AI score · 0.0056 EPSS
Exploits 0 · References 1
Prion
added 2023/05/03 10:15 p.m. · 13 views

Cross site scripting

An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7,...

6.5 CVSS · 8.8 AI score · 0.0056 EPSS
Exploits 0 · References 1 · Affected Software 2
CVE
added 2023/05/03 9:26 p.m. · 127 views

CVE-2023-22640

CVE-2023-22640 describes an out-of-bounds write in Fortinet FortiOS (versions 7.2.0–7.2.3, 7.0.0–7.0.10, 6.4.0–6.4.11, 6.2.0–6.2.13, 6.0) and FortiProxy (7.2.0–7.2.1, 7.0.0–7.0.7, 2.0, 1.2, 1.1, 1.0) that allows an authenticated attacker to execute arbitrary code or commands via crafted requests....

8.8 CVSS · 8.8 AI score · 0.0056 EPSS
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2023/05/03 9:26 p.m. · 16 views

CVE-2023-22640

An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7,...

7.5 CVSS · 9 AI score · 0.0056 EPSS
Exploits 0 · References 1