2973 matches found

BDU FSTEC
added 2022/10/31 12:00 a.m., 2 views

The vulnerability affects the implementation of URL/SPAM/AV filtering in FortiOS and Fortinet’s FortiClient for Windows and FortiClient for Mac security solutions. This allows attackers to execute a type of “man-in-the-middle” attack.

The vulnerability in the URL/SPAM/AV filtering implementations of FortiOS and of Fortinet’s FortiClient for Windows and FortiClient for Mac is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to execute a type of...

CVSS 5.9, AI score 6.3, EPSS 0.00297
Exploits: 2, References: 4, Affected software: 3
BDU FSTEC
added 2022/10/31 12:00 a.m., 2 views

The vulnerability in the httpd daemon of FortiOS operating systems and of FortiProxy, the proxy server designed to protect against Internet attacks, allows a perpetrator to cause a service failure.

The vulnerability in the httpd daemon of FortiOS operating systems, as well as of FortiProxy, the proxy server used to protect against Internet attacks, is related to an out-of-bounds write in memory. Exploiting this vulnerability could allow a malicious actor to cause service...

CVSS 5.5, AI score 6.8, EPSS 0.02726
Exploits: 0, References: 7, Affected software: 2
BDU FSTEC
added 2022/10/31 12:00 a.m., 1 view

The vulnerability of the command-line interface (CLI) of FortiOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability in the command-line interface (CLI) of FortiOS operating systems is related to the use of hard-coded credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 7.8, AI score 6.6, EPSS 0.72223
Exploits: 1, References: 5, Affected software: 1
BDU FSTEC
added 2022/10/28 12:00 a.m., 2 views

The implementation of the configuration for listening to connections from FortiHeartBeat devices (fabric/fortiheartbeat/endpoint-compliance) on FortiOS operating systems and FortiGate network interfaces is vulnerable. This allows an intruder to gain unauthorized access to protected information.

The vulnerability in the configuration for listening to connections from FortiHeartBeat devices (fabric/fortiheartbeat/endpoint-compliance) on FortiOS operating systems and FortiGate network interfaces is related to incorrect registration of traffic for the IP address range. Exploiting this...

CVSS 5.3, AI score 5.9, EPSS 0.00278
Exploits: 0, References: 4, Affected software: 1
BDU FSTEC
added 2022/10/28 12:00 a.m., 2 views

The vulnerability in Tunnel Mode of the SSL VPN implementation in FortiOS operating systems allows a perpetrator to cause a service failure.

The vulnerability in Tunnel Mode of the FortiOS SSL VPN stems from an out-of-bounds memory access when processing LCP packets. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 8.8, AI score 5.6, EPSS 0.01292
Exploits: 0, References: 3, Affected software: 1
BDU FSTEC
added 2022/10/26 12:00 a.m., 2 views

The vulnerability in FortiOS operating systems, related to insufficient protection of the web page structure, allows attackers to execute cross-site scripting attacks.

The vulnerability in FortiOS operating systems is related to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks through the IPS and WAF logs...

CVSS 5, AI score 6, EPSS 0.0027
Exploits: 0, References: 4, Affected software: 1
Rapid7 Blog
added 2022/10/21 5:31 p.m., 148 views

Metasploit Weekly Wrap-Up

Zimbra with Postfix LPE (CVE-2022-3569)

This week rbowes added an LPE exploit for Zimbra with Postfix. The exploit leverages a vulnerability whereby the Zimbra user can run postfix as root, which in turn is capable of executing arbitrary shell scripts. This can be abused for reliable privilege...

CVSS 7.5, AI score 0.6, EPSS 0.94427
Exploits: 46
GithubExploit
added 2022/10/21 8:07 a.m., 19 views

Exploit for Improper Authentication in Fortinet Fortiproxy

CVE-2022-40684 Remote Fortinet Code Execution v...

CVSS 9.8, AI score 8, EPSS 0.94427
Exploits: 24
Metasploit
added 2022/10/19 7:49 p.m., 208 views

Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.

This module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account. It then adds an SSH key to the authorized_keys file of the chosen account, allowing login to the system as that account...

CVSS 9.8, AI score 9, EPSS 0.94427
Exploits: 24
Packet Storm
added 2022/10/19 12:00 a.m., 414 views

Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.', 'Description' = %q This module exploits an authentication bypass...

AI score 0.2, EPSS 0.94427
Exploits: 24
0day.today
added 2022/10/19 12:00 a.m., 446 views

Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass Exploit

This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to log in to the system with the chosen...

CVSS 9.8, AI score 0.5, EPSS 0.94427
Exploits: 24
OSV
added 2022/10/18 3:15 p.m., 2 views

CVE-2022-29055

An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via a...

CVSS 7.5, AI score 5.8, EPSS 0.00692
Exploits: 0, References: 1
ATTACKERKB
added 2022/10/18 3:15 p.m., 0 views

CVE-2022-29055

An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via a...

CVSS 7.5, AI score 7.1, EPSS 0.00692
Exploits: 0, References: 2
NVD
added 2022/10/18 3:15 p.m., 19 views

CVE-2022-29055

An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via a...

CVSS 7.5, EPSS 0.00692
Exploits: 0, References: 1
Prion
added 2022/10/18 3:15 p.m., 17 views

Cross-site request forgery (CSRF)

An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via a...

CVSS 5, AI score 7.5, EPSS 0.00692
Exploits: 0, References: 1, Affected software: 2
NVD
added 2022/10/18 2:15 p.m., 24 views

CVE-2022-40684

An authentication bypass using an alternate path or channel (CWE-288) in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform...

CVSS 9.8, EPSS 0.94427
Exploits: 24, References: 4
Prion
added 2022/10/18 2:15 p.m., 39 views

Authentication flaw

An authentication bypass using an alternate path or channel (CWE-288) in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform...

CVSS 7.5, AI score 9.7, EPSS 0.94427
Exploits: 24, References: 3, Affected software: 3
Cvelist
added 2022/10/18 12:00 a.m., 29 views

CVE-2022-40684

An authentication bypass using an alternate path or channel (CWE-288) in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform...

CVSS 9.8, AI score 9.9, EPSS 0.94427
Exploits: 24, References: 3
ATTACKERKB
added 2022/10/18 12:00 a.m., 753 views

CVE-2022-40684

An authentication bypass using an alternate path or channel (CWE-288) in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform...

CVSS 9.8, AI score 1.8, EPSS 0.94456
Exploited in the wild. Exploits: 103, References: 5
Vulnrichment
added 2022/10/18 12:00 a.m., 29 views

CVE-2022-40684

An authentication bypass using an alternate path or channel (CWE-288) in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform...

CVSS 9.8, AI score 7.5, EPSS 0.94427
Exploits: 24, References: 3