2973 matches found

NVD
added 2022/09/06 6:15 p.m. · 16 views

CVE-2022-27491

An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML...

CVSS 7.5 · EPSS 0.00093
Exploits 0 · References 1

Prion
added 2022/09/06 6:15 p.m. · 19 views

Information disclosure

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...

CVSS 1.7 · AI score 4 · EPSS 0.00051
Exploits 0 · References 1 · Affected Software 1

Prion
added 2022/09/06 6:15 p.m. · 19 views

Input validation

An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML...

CVSS 5 · AI score 7.5 · EPSS 0.00093
Exploits 0 · References 1 · Affected Software 1

OSV
added 2022/09/06 4:15 p.m. · 2 views

CVE-2021-43080

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat...

CVSS 5.4 · AI score 5.3 · EPSS 0.0045
Exploits 0 · References 1

NVD
added 2022/09/06 4:15 p.m. · 10 views

CVE-2021-43080

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat...

CVSS 5.4 · EPSS 0.0045
Exploits 0 · References 1

Prion
added 2022/09/06 4:15 p.m. · 11 views

Cross site scripting

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat...

CVSS 4.9 · AI score 5.1 · EPSS 0.0045
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/09/06 3:15 p.m. · 64 views

CVE-2021-43080

CVE-2021-43080 describes an improper neutralization of input (CWE-79) in FortiOS affecting versions 7.2.0, 6.4.0–6.4.9, and 7.0.0–7.0.5, enabling an authenticated user to perform a stored XSS via the URI parameter in the Threat Feed IP address section of the Security Fabric External connectors. T...

CVSS 5.4 · AI score 5.1 · EPSS 0.0045
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/09/06 3:15 p.m. · 10 views

CVE-2021-43080

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat...

CVSS 4.6 · AI score 5.5 · EPSS 0.0045
Exploits 0 · References 1

Cvelist
added 2022/09/06 3:15 p.m. · 16 views

CVE-2021-43080

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat...

CVSS 4.6 · AI score 5.4 · EPSS 0.0045
Exploits 0 · References 1

CVE
added 2022/09/06 3:10 p.m. · 65 views

CVE-2022-29053

Summary (CVE-2022-29053) FortiOS contains a cryptographic-steps flaw in the encryption of keytab files. The issue affects FortiOS versions 7.2.0, 7.0.0 through 7.0.5, and below 7.0.0, where a missing cryptographic step could let an attacker with the encrypted file decipher its contents. The avail...

CVSS 3.3 · AI score 4.1 · EPSS 0.00051
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/09/06 3:10 p.m. · 14 views

CVE-2022-29053

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...

CVSS 2.3 · AI score 6.8 · EPSS 0.00051
Exploits 0 · References 1

Cvelist
added 2022/09/06 3:10 p.m. · 12 views

CVE-2022-29053

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...

CVSS 2.3 · AI score 4.3 · EPSS 0.00051
Exploits 0 · References 1

Cvelist
added 2022/09/06 3:10 p.m. · 22 views

CVE-2022-27491

An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML...

CVSS 6.8 · AI score 7.7 · EPSS 0.00093
Exploits 0 · References 1

Vulnrichment
added 2022/09/06 3:10 p.m. · 1 view

CVE-2022-27491

An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML...

CVSS 6.8 · AI score 5.7 · EPSS 0.00093
Exploits 0 · References 1

CVE
added 2022/09/06 3:10 p.m. · 77 views

CVE-2022-27491

Fortinet FortiOS IPS engine flaws allow a remote, unauthenticated attacker to trigger sending of a crafted HTML “blocked page” to a victim via TCP, potentially flooding the target. Affected FortiOS IPS engine versions span 7.201–7.214, 7.001–7.113, 6.001–6.121, 5.001–5.258 and pre-4.086. The issu...

CVSS 7.5 · AI score 7.4 · EPSS 0.00093
Exploits 0 · References 1 · Affected Software 1

Fortinet
added 2022/09/06 12:0 a.m. · 27 views

Protect

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors...

CVSS 4.9 · AI score 5.1 · EPSS 0.0045
Exploits 0 · Affected Software 2

Positive Technologies
added 2022/09/06 12:0 a.m. · 3 views

PT-2022-11772 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.0 through 6.4.9; FortiOS versions 7.0.0 through 7.0.5; FortiOS version 7.2.0. Description: The issue is related to an improper neutralization of input during web page generation, which may allow an authenticated attacker to...

CVSS 5.4 · AI score 5.1 · EPSS 0.0045
Exploits 0 · References 5

Positive Technologies
added 2022/09/06 12:0 a.m. · 1 view

PT-2022-19393 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.2.0; FortiOS versions below 7.0.0. Description: A missing cryptographic steps issue in the functions that encrypt keytab files may allow an attacker in possession of the encrypted file to decipher it. This affec...

CVSS 3.3 · AI score 3.8 · EPSS 0.00051
Exploits 0 · References 5

CNNVD
added 2022/09/06 12:0 a.m. · 3 views

Fortinet FortiOS Security Vulnerability

Fortinet FortiOS is a security operating system from the American company Fortinet, dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSLVPN, web content filtering, anti-spam and other security features. A security vulnerability exists i...

CVSS 3.3 · AI score 4.9 · EPSS 0.00051
Exploits 0 · References 3

CNNVD
added 2022/09/06 12:0 a.m. · 6 views

SQL Injection Vulnerability in Multiple Fortinet Products

Fortinet FortiOS is a security operating system from the American company Fortinet, dedicated to the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, web content filtering and anti-spam. A security vulnerabili...

CVSS 7.8 · AI score 7.5 · EPSS 0.00232
Exploits 0 · References 2