2973 matches found
CVE-2022-30307
A key management error vulnerability CWE-320 affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack...
CVE-2022-38380
An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...
Vulnerabilities fixed in FortiOS
Fortinet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to gain access to system data, potentially manipulate it, or launch a Man-in-the-Middle attack. To manipulate system data, the malicious party needs prior authentication. For performing a...
The vulnerability of the FortiClient NAC (fcnacd) operating system allows a perpetrator to execute arbitrary code or cause service interruptions.
The vulnerability of the FortiOS operating system’s FortiClient NAC fcnacd is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by sending a specially crafted request...
CVE-2022-30307
CVE-2022-30307 affects FortiOS RSA SSH host key handling. Affected versions: FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below. Root cause is a key management error (CWE-320) that may enable an unauthenticated attacker to perform a Man-in-the-Middle (MITM) attack by abusing the RSA SSH ho...
CVE-2022-38380
FortiOS contains an improper access control (CWE-284) vulnerability tracked as CVE-2022-38380 that may allow a remote authenticated read-only user to modify interface settings via the API. Affected versions are FortiOS 7.2.0 and 7.0.0–7.0.7. Fortinet PSIRT FG-IR-22-174 and related advisories desc...
CVE-2022-26122
CVE-2022-26122 affects Fortinet products FortiClient, FortiMail and FortiOS AV engines. The vulnerability, CWE-345, arises from insufficient verification of data authenticity and can allow bypass of the AV engine by manipulating MIME attachments encoded in base64. Affected versions are FortiClien...
CVE-2022-35842
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...
CVE-2022-38380
An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...
Fortinet FortiOS security vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSL VPN, web content filtering and anti-spam. A security vulnerabili...
Fortinet FortiOS information disclosure vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSL VPN, web content filtering and anti-spam. A security vulnerabili...
PT-2022-6024 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.0 through 6.4.9; FortiOS versions 7.0.0 through 7.0.6; FortiOS version 7.2.0. Description: The issue is related to the exposure of sensitive information to unauthorized actors, potentially allowing remote unauthenticated...
Fortinet FortiOS security vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSL VPN, web content filtering and anti-spam. A security vulnerabili...
PT-2022-6025 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.0 and below; FortiOS versions 7.0.6 and below; FortiOS versions 6.4.9 and below. Description: The issue is related to errors in managing the RSA SSH cryptographic key, which may allow a remote attacker to perform a...
PT-2022-5767 · Fortinet · Forticlient +2
Name of the Vulnerable Software and Affected Versions: FortiClient, FortiMail, and FortiOS AV engines versions 6.2.168 and below; FortiClient, FortiMail, and FortiOS AV engines versions 6.4.274 and below. Description: The issue is related to insufficient verification of data authenticity, which may...
Protect
A key management error vulnerability CWE-320 affecting the RSA SSH host key in FortiOS may allow an unauthenticated attacker to perform a man in the middle attack...
Protect
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...
Protect
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
Protect
An improper access control CWE-284 vulnerability in FortiOS may allow a remote authenticated read-only user to modify the interface settings via the API...
PT-2022-6023 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.0.7; FortiOS version 7.2.0. Description: The issue is related to improper access control, which may allow a remote authenticated read-only user to modify interface settings via the API. This could potentially be...