CVE-2021-44170
A stack-based buffer overflow vulnerability (CWE-121) in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...
CVE-2021-44170
CVE-2021-44170 describes a stack-based buffer overflow in the CLI diagnostic command interpreter of Fortinet FortiOS (before 7.0.4) and FortiProxy (before 2.0.8). An authenticated local attacker can trigger the overflow via specially crafted CLI arguments to execute arbitrary code or commands. Th...
Fortinet FortiOS 7.0.x <= 7.0.5 / 6.4.x <= 6.4.9 XSS (FG-IR-21-057)
The remote host is running a version of FortiOS that is 7.0.x through 7.0.5 or 6.4.x through 6.4.9. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. An unauthenticated, remote attacker can exploit this, by...
Fortinet FortiOS Buffer Overflow (FG-IR-21-206)
The remote host is running a version of FortiOS that is 6.0.x through 6.0.14, 6.2.x through 6.2.10, 6.4.x through 6.4.8, or 7.0.x through 7.0.5. It is, therefore, affected by a buffer overflow vulnerability. An authenticated, remote attacker can exploit this issue, via the TFTP protocol with...
Fortinet FortiOS Buffer Overflow (FG-IR-21-206)
The remote host is running a version of FortiOS that is 6.0.x through 6.0.14, 6.2.x through 6.2.10, 6.4.x through 6.4.8, or 7.0.x through 7.0.2. It is, therefore, affected by a stack-based buffer overflow vulnerability. An authenticated, remote attacker can exploit this issue, via specially craft...
Fortinet FortiOS Integer Overflow (FG-IR-21-155)
An integer overflow vulnerability in the dhcpd daemon of FortiOS allows unauthenticated, adjacent attackers to cause a denial of service (DoS) condition. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. © Tenable, Inc...
Protect
A buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability (CWE-120) in FortiAnalyzer, FortiManager, FortiOS and FortiProxy may allow a privileged attacker to execute arbitrary code or command via crafted CLI execute certificate remote, execute vpn certificate remote and...
Fortinet FortiOS Cross-Site Scripting Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, web content filtering, anti-spam, and other security features. A cross-site scripting vulnerabilit...
Protect
An integer overflow / wraparound vulnerability (CWE-190) in the FortiOS, FortiProxy, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service...
PT-2022-3652 · Fortinet · Fortimanager +3
Name of the Vulnerable Software and Affected Versions: FortiAnalyzer versions 7.0.2 and below, 6.4.7 and below, 6.2.9 and below, 6.0.11 and below, 5.6.11 and below FortiManager versions 7.0.2 and below, 6.4.7 and below, 6.2.9 and below, 6.0.11 and below, 5.6.11 and below FortiOS versions 7.0.0...
PT-2022-11679 · Fortinet · Fortiswitch +4
Name of the Vulnerable Software and Affected Versions: FortiSwitch versions 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x FortiRecorder versions 6.4.2 and below, 6.0.10 and below FortiOS versions 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x FortiProxy versions 7.0.0, 2.0.6 and below...
Protect
An improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) vulnerability in FortiOS may allow an unauthenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the captive portal authentication replacement page...
Protect
A stack-based buffer overflow vulnerability (CWE-121) in the command line interpreter of FortiOS and FortiProxy may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...
Fortinet FortiOS < 6.4 MitM (FG-IR-18-292)
An improper certificate validation vulnerability in FortiOS allows an adjacent, unauthenticated attacker to man-in-the-middle communication. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. © Tenable, Inc...
PT-2022-15346 · Fortinet · Fortisandbox +3
Name of the Vulnerable Software and Affected Versions: FortiManager versions 7.0.1 and below, 6.4.6 and below FortiAnalyzer versions 7.0.2 and below, 6.4.7 and below FortiOS versions 6.2.x and 6.0.x FortiSandbox versions 4.0.x, 3.2.x and 3.1.x Description: An improper certificate validation issue...
Trust Management Issue Vulnerability in Multiple Fortinet Products
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, web content filtering, anti-spam, and other security features. A trust management issue...
Protect
An improper certificate validation vulnerability (CWE-295) in FortiOS, FortiAnalyzer, FortiManager, and FortiSandbox may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers...
Fortinet FortiOS < 6.0.14 / 6.2 < 6.2.10 / 6.4 < 6.4.8 / 7.0 < 7.0.3 Arbitrary File Download (FG-IR-21-201)
The remote host is running a version of FortiOS prior to 6.0.14, 6.2 prior to 6.2.10, 6.4 prior to 6.4.8, or 7.0 prior to 7.0.3. It is, therefore, affected by an arbitrary file download vulnerability that could allow a local authenticated attacker to download arbitrary files on the device via...
The vulnerability of the FortiOS operating system, related to the unencrypted storage of confidential information, allows attackers to obtain user credentials when a user logs into the system.
The vulnerability of the FortiOS operating system is related to the unencrypted storage of confidential information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain the login credentials of users who access the system...