2973 matches found

OSV
added 2022/05/04 4:15 p.m. | 1 view

CVE-2021-43206

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...

CVSS 4.3 | AI score 5.8 | EPSS 0.00391
Exploits: 0 | References: 1

OSV
added 2022/05/04 4:15 p.m. | 2 views

CVE-2021-41032

An improper access control vulnerability CWE-284 in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...

CVSS 5.4 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 1

NVD
added 2022/05/04 4:15 p.m. | 10 views

CVE-2021-41032

An improper access control vulnerability CWE-284 in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...

CVSS 6.3 | EPSS 0.00208
Exploits: 0 | References: 1

Prion
added 2022/05/04 4:15 p.m. | 23 views

Improper access control

An improper access control vulnerability CWE-284 in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...

CVSS 5.5 | AI score 5.2 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/05/04 4:15 p.m. | 9 views

Code injection

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...

CVSS 4.3 | AI score 4.4 | EPSS 0.00391
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2022/05/04 3:25 p.m. | 11 views

CVE-2021-43206

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...

CVSS 4.3 | AI score 4.7 | EPSS 0.00391
Exploits: 0 | References: 1

CVE
added 2022/05/04 3:25 p.m. | 95 views

CVE-2021-43206

The CVE-2021-43206 issue affects Fortinet FortiOS and FortiProxy. A server-generated error message can leak a web proxy’s client username and IP via same-origin HTTP requests that trigger proxy-generated HTTP status code pages. Affected FortiOS/FortiProxy ranges include FortiOS 7.0.0–7.0.3, 6.4.0...

CVSS 4.3 | AI score 4.4 | EPSS 0.00391
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2022/05/04 3:25 p.m. | 15 views

CVE-2021-41032

An improper access control vulnerability CWE-284 in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...

CVSS 6.3 | AI score 6.2 | EPSS 0.00208
Exploits: 0 | References: 1

Vulnrichment
added 2022/05/04 3:25 p.m. | 14 views

CVE-2021-41032

An improper access control vulnerability CWE-284 in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...

CVSS 6.3 | AI score 6.3 | EPSS 0.00208
Exploits: 0 | References: 1

CVE
added 2022/05/04 3:25 p.m. | 88 views

CVE-2021-41032

CVE-2021-41032 is an improper access control vulnerability in FortiOS where an authenticated user with a restricted profile can gather sensitive information and modify the SSL-VPN tunnel state of other VDOMs via specific CLI commands. Affected products are FortiOS 6.4.8 and prior and 7.0.3 and pr...

CVSS 6.3 | AI score 5.2 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected Software: 1

NCSC
added 2022/05/04 12:00 a.m. | 8 views

Vulnerabilities fixed in FortiOS

Vulnerabilities have been fixed in FortiOS. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); remote code execution; user rights; access to sensitive data; access to system data. Fortinet has released updates to...

CVSS 6.3 | AI score 6.7 | EPSS 0.00677
Exploits: 0

Fortinet
added 2022/05/03 12:00 a.m. | 77 views

Protect

A server-generated error message containing sensitive information vulnerability CWE-550 in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages...

CVSS 4.3 | AI score 4.8 | EPSS 0.00391
Exploits: 0 | Affected Software: 2

CNNVD
added 2022/05/03 12:00 a.m. | 1 view

Fortinet FortiOS Security Vulnerability

Fortinet FortiOS is a dedicated security operating system for the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS versions 6.4.8 and earlier and 7.0.3 and earlier are vulnerable to an access control error that could be exploited by an authenticated attacker with a...

CVSS 6.3 | AI score 5.7 | EPSS 0.00208
Exploits: 0 | References: 4

Fortinet
added 2022/05/03 12:00 a.m. | 200 views

Protect

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiProxy and FortiOS web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...

CVSS 4.3 | AI score 5.9 | EPSS 0.00677
Exploits: 0 | Affected Software: 2

CNNVD
added 2022/05/03 12:00 a.m. | 3 views

Fortinet FortiOS Information Disclosure Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS is vulnerable to an information leakage vulnerability that results from excessive data output in server-generated error messages, which can be exploited by...

CVSS 4.3 | AI score 5.3 | EPSS 0.00391
Exploits: 0 | References: 4

Fortinet
added 2022/05/03 12:00 a.m. | 46 views

Protect

An improper certificate validation vulnerability CWE-295 in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms...

CVSS 2.9 | AI score 5.4 | EPSS 0.00102
Exploits: 0 | Affected Software: 1

Fortinet
added 2022/05/03 12:00 a.m. | 52 views

Protect

An improper access control vulnerability CWE-284 in FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...

CVSS 5.5 | AI score 5.2 | EPSS 0.00208
Exploits: 0 | Affected Software: 1

CNNVD
added 2022/05/03 12:00 a.m. | 3 views

Fortinet FortiOS Trust Management Issue Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. Fortinet FortiOS is vulnerable to trust management issues, which could be exploited by attackers to conduct man-in-the-middle attacks on FortiGate communications...

CVSS 5.4 | AI score 5.7 | EPSS 0.00102
Exploits: 0 | References: 4

BDU FSTEC
added 2022/04/21 12:00 a.m. | 1 view

The vulnerability of the FortiOS operating systems and the FortiProxy proxy server, related to errors in processing the relative path to the directory, allows attackers to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized...

CVSS 7.8 | AI score 7.2 | EPSS 0.00996
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2022/04/20 12:00 a.m. | 2 views

The vulnerability in the implementation of the “execute restore src-vis” command in FortiOS operating systems allows a hacker to write arbitrary files.

The vulnerability in the execution of the “execute restore src-vis” command in FortiOS operating systems lies in the loading of code without checking its integrity. Exploiting this vulnerability allows an attacker to write arbitrary files using specially crafted update packages...

CVSS 3.3 | AI score 6.9 | EPSS 0.01154
Exploits: 2 | References: 4 | Affected Software: 1