The vulnerability of the FortiOS operating system’s signature verification function allows a hacker to execute arbitrary code.
The vulnerability of the FortiOS operating system’s signature verification function is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created installation images...
The vulnerability of the FortiOS operating system, related to insufficient verification of CN/SAN certificates, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the FortiOS operating system is related to insufficient verification of the authenticity of the CN/SAN certificates. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the SSL VPN orchestrator for FortiOS operating systems allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the SSL VPN orchestrator for FortiOS systems is related to a numerical overflow condition. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted requests...
The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems allows a hacker to execute arbitrary code or commands.
The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems is related to authentication errors. Exploiting this vulnerability allows a perpetrator to execute unauthorized code or commands using certain console command sequences like “print str” and “cmd...
The vulnerability of the SSL-VPN portal for FortiOS operating systems allows a hacker to obtain the encryption key.
The vulnerability of the SSL-VPN portal for FortiOS operating systems is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow a malicious actor to obtain the encryption key remotely...
The vulnerability of the command-line interface of FortiOS operating systems allows attackers to disclose sensitive information.
The vulnerability of the command-line interface of FortiOS operating systems is related to access control deficiencies. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by security measures...
Fortinet FortiGate Detection Consolidation
Consolidation of Fortinet FortiGate detections. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. include"pluginfeedinfo.inc"; ifdescription...
The vulnerability of FortiOS operating systems, related to the lack of protection for service data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the FortiOS operating systems is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information by sending a specially crafted Client Hello message in TLS SNI...
Protect
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS may allow a privileged attacker to disclose sensitive information via SNI Client Hello TLS packets...
Fortinet FortiOS 7.0.x < 7.0.2 Path Traversal (FG-IR-21-181)
The remote host is running a version of FortiOS that is 7.0.x prior to 7.0.2. It is, therefore, affected by a path traversal vulnerability that may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the...
CVE-2021-26092
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to...
Cross site scripting
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to...
CVE-2021-26092
CVE-2021-26092 affects Fortinet FortiGate SSL VPN portal and FortiProxy, where input is not sanitized, enabling a remote unauthenticated attacker to perform a reflected XSS via malicious GET parameters on the error page. Affected FortiGate FortiOS versions span 5.2.x to 6.4.x and FortiProxy 1.2.x...
Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware
A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to their heavy reliance on tunneling...
Fortinet FortiOS Privilege Escalation (FG-IR-20-131)
The remote host is running a version of FortiOS prior or equal to 6.0.12, 6.2.x prior or equal to 6.2.9, 6.4.x prior or equal to 6.4.6, 7.0.0 or FortiOS-6K7K version prior or equal to 6.2.6, 6.4.2. It is, therefore, affected by a privilege escalation vulnerability in FortiOS autod daemon, which m...
Fortinet FortiOS CSRF (FG-IR-20-158)
The remote host is running a version of FortiOS that is 5.6.x, 6.0.x, 6.2.x prior or equal to 6.2.9, 6.4.x prior or equal to 6.4.6, 7.0.0. It is, therefore, affected by a cross-site request forgery vulnerability in the user interface of FortiGate SSL VPN portal, which may allow a remote,...
Fortinet FortiOS Integer Overflow (FG-IR-21-049)
The remote host is running a version of FortiOS prior or equal to 6.0.12, 6.2.x prior or equal to 6.2.9, 6.4.x prior or equal to 6.4.5 or 7.0.0. It is, therefore, affected by an integer overflow vulnerability in the FortiOS SSLVPN memory allocator that may allow an unauthenticated attacker to corrupt...