2973 matches found
CVE-2022-23442
FortiOS contains an improper access control vulnerability (CWE-284) tracked as CVE-2022-23442. An authenticated attacker with a restricted profile can use CLI commands to reveal checksum information about other VDOMs. Affected FortiOS versions are 6.2.0–6.2.11, 6.4.0–6.4.8, and 7.0.0–7.0.5. Publi...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A security vulnerabili...
Protect
An improper access control vulnerability CWE-284 in FortiOS may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands...
Protect
A format string vulnerability CWE-134 in the command line interpreter of FortiOS, FortiOS-6K7K, FortiProxy, FortiADC, and FortiMail may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
Fortinet Fortigate Inter-VDOM information leaking (FG-IR-22-036)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-036 advisory. - An improper access control vulnerability CWE-284 in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0...
Fortinet FortiGate和Fortinet FortiOS 格式化字符串错误漏洞
Fortinet FortiOS and Fortinet FortiGate are both products of the U.S. Fiat Fortinet Inc. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and...
CVE-2022-23438
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting XSS attack in the captive portal authenticatio...
CVE-2022-23438
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting XSS attack in the captive portal authenticatio...
CVE-2022-23438
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting XSS attack in the captive portal authenticatio...
Cross site scripting
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting XSS attack in the captive portal authenticatio...
CVE-2021-44170
A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...
CVE-2021-42755
An integer overflow / wraparound vulnerability CWE-190 in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x;...
CVE-2021-44170
A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...
Integer overflow
An integer overflow / wraparound vulnerability CWE-190 in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x;...
Stack overflow
A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...
CVE-2022-23438
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting XSS attack in the captive portal authenticatio...
CVE-2022-23438
CVE-2022-23438 is a reflected cross-site scripting (XSS) vulnerability in FortiOS, arising from improper input neutralization during web page generation. Affected are FortiOS 7.0.x up to 7.0.5 and 6.4.x up to 6.4.9; the issue enables an unauthenticated, remote attacker to trigger XSS in the capti...
CVE-2022-23438
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting XSS attack in the captive portal authenticatio...
CVE-2021-42755
CVE-2021-42755 is an integer overflow/wraparound (CWE-190) in Fortinet devices, affecting FortiOS, FortiProxy, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise across multiple 7.x/6.x branches. The vulnerability concerns the dhcpd daemon and can let an unauthenticated, network-adjacent attack...
CVE-2021-42755
An integer overflow / wraparound vulnerability CWE-190 in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x;...