2973 matches found
CVE-2021-43074
CVE-2021-43074 is a Fortinet issue: an improper verification of cryptographic signature vulnerability (CWE-347) affects FortiWeb and related Fortinet products, allowing an attacker who intercepts admin cookies to decrypt portions of the administrative session cookie. Affected products and versions i...
CVE-2021-43074
An improper verification of cryptographic signature vulnerability CWE-347 in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and...
CVE-2022-41335
CVE-2022-41335 affects Fortinet FortiOS (versions 6.4.10 and earlier; 7.0.0–7.0.8; 7.2.0–7.2.2), FortiProxy (2.0.10 and earlier; 7.0.0–7.0.7; 7.2.0–7.2.1), and FortiSwitchManager (7.0.0 and 7.2.0) with a relative path traversal (CWE-23) that lets an authenticated attacker read/write files on the ...
CVE-2022-41335
A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read...
PT-2023-1606 · Fortinet · Fortiproxy +2
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.10 and earlier, 7.0.0 through 7.0.8, 7.2.0 through 7.2.2; FortiProxy versions 2.0.10 and earlier, 7.0.0 through 7.0.7, 7.2.0 through 7.2.1; FortiSwitchManager versions 7.0.0 and earlier, 7.2.0. Description: A relative path...
Protect
A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the DHCP and DNS keys ddns-key or n-mhae-key in FortiOS & FortiProxy configuration may allow an attacker in possession of the encrypted key to decipher it...
Protect
An improper verification of cryptographic signature vulnerability CWE-347 in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter...
Fortinet FortiOS Injection Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform, from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A security vulnerability exists i...
PT-2023-12959 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 6.0.x through 7.2.0. Description: A missing cryptographic steps vulnerability in the functions that encrypt the DHCP and DNS keys may allow an attacker in possession of the encrypted key to decipher it. This issue...
Fortinet FortiOS Trust Management Issue Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform, from the American company Fortinet. The system provides users with firewall, anti-virus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A security vulnerability exists ...
Fortinet FortiOS and FortiSwitch Path Traversal Vulnerability
Fortinet FortiOS and FortiSwitch are both products of Fortinet. FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam, etc. FortiSwitch is a switch product, its bigges...
Protect
An improper certificate validation vulnerability CWE-295 in FortiOS and FortiProxy may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds when the latter are...
Fortinet FortiOS Security Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform, from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A security vulnerability exists i...
Protect
An improper privilege management vulnerability CWE-269 in FortiOS & FortiProxy may allow an administrator that has access to the admin profile section System subsection Administrator Users to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands...
Protect
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 in FortiOS and FortiProxy may allow an authenticated and remote attacker to inject arbitrary headers...
Protect
An improper neutralization of input during web page generation CWE-79 vulnerability in FortiOS may allow a remote, unauthenticated attacker to launch a cross site scripting XSS attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked. ...
Fortinet FortiOS Cross-Site Scripting Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform, from the American company Fortinet. The system provides users with firewall, anti-virus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A security vulnerability exists ...
PT-2023-13601 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions prior to 7.0.7; FortiProxy versions 7.2.0 through 7.2.1 and prior to 7.0.7. Description: An improper privilege management issue allows an attacker with access to the admin profile section System subsection Administrato...