CVE-2022-35843
An authentication bypass by assumed-immutable data vulnerability CWE-302 in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allo...
Authentication flaw
An authentication bypass by assumed-immutable data vulnerability CWE-302 in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allo...
Cross site scripting
An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages...
CVE-2022-40680
An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages...
CVE-2022-40680
Fortinet FortiOS contains a cross-site scripting (XSS) vulnerability (CVE-2022-40680) caused by improper neutralization of input during web page generation, enabling a privileged attacker to store and execute malicious payloads in replacement messages. Affected FortiOS versions are 6.0.7–6.0.15, ...
CVE-2022-35843
CVE-2022-35843 affects FortiOS SSH login component (and FortiProxy SSH) across multiple versions, allowing remote, unauthenticated login via a crafted Access-Challenge response from RADIUS. Affected: FortiOS 6.0–7.2.0 and 6.2–6.4.9; FortiProxy 1.2.0–2.0.10 and 7.0.0–7.0.5. Root cause described as...
Protect
An authentication bypass by assumed-immutable data vulnerability CWE-302 in the FortiOS SSH login component may allow a remote and unauthenticated attacker to log in to the device by sending a specially crafted Access-Challenge response from the RADIUS server...
Fortinet FortiOS Cross-Site Scripting Vulnerability
Fortinet FortiOS is a security operating system from the US company Fortinet, dedicated to the FortiGate network security platform. A cross-site scripting vulnerability exists in Fortinet FortiOS, which stems from improper input neutralization during web page generation and could be exploited...
Fortinet FortiOS Authorization Issue Vulnerability
Fortinet FortiOS is a security operating system from the US company Fortinet, dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A security vulnerability exists i...
Protect
An improper neutralization of input during web page generation 'cross-site scripting' CWE-79 in FortiOS may allow a privileged attacker to perform a stored XSS attack via storing malicious payloads in replacement messages...
PT-2022-5771 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.0 through 7.2.0; FortiOS versions 6.2 through 6.4.9; FortiProxy versions 1.2.0 through 2.0.10; FortiProxy versions 7.0.0 through 7.0.5. Description: The issue is related to an authentication bypass by assumed-immutable data...
PT-2022-6108 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 6.0.7 through 6.0.15; Fortinet FortiOS versions 6.2.2 through 6.2.12; Fortinet FortiOS versions 6.4.0 through 6.4.9; Fortinet FortiOS versions 7.0.0 through 7.0.3. Description: The issue is related to improper...
Fortinet Fortigate Telnet on the SSL-VPN interface results in information leak (FG-IR-22-223)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-223 advisory. - An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS SSL-VPN versions 7.2.0,...
Fortinet Fortigate RSA SSH host key lost at shutdown (FG-IR-22-228)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-228 advisory. - A key management error vulnerability CWE-320 affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below,...
Fortinet Fortigate Read-Only users able to add/modify the Interface fields using the API (FG-IR-22-174)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-174 advisory. - An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remo...
CVE-2022-38380
An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...