
2971 matches found

Tenable Nessus
added 2022/01/14 12:0 a.m., 46 views

Fortinet FortiOS Hard-Coded Cryptographic Key (FG-IR-21-051)

The remote host is running a version of FortiOS prior to 5.6.13, 6.0.x prior or equal to 6.0.12, 6.2.x prior or equal to 6.2.8, or 6.4.x prior or equal to 6.4.5, FortiOS-6K7K version prior to 6.2.6 and 6.4.2. It is, therefore, affected by a hard-coded cryptographic key vulnerability in FortiOS...

CVSS 7.5 | AI score 7.3 | EPSS 0.00311
Exploits: 0 | References: 2

CNVD
added 2022/01/13 12:0 a.m., 27 views

Fortinet FortiOS Buffer Overflow Vulnerability (CNVD-2022-08470)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A security vulnerability exists i...

CVSS 6.7 | AI score 6.9 | EPSS 0.00073
Exploits: 0 | References: 1

CISA KEV Catalog
added 2022/01/10 12:0 a.m., 21 views

Fortinet FortiOS and FortiProxy Out-of-bounds Write

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users...

CVSS 6.5 | AI score 2.6 | EPSS 0.01761
In wild | Exploits: 0

CISA KEV Catalog
added 2022/01/10 12:0 a.m., 27 views

Fortinet FortiOS and FortiProxy Improper Authorization

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password...

CVSS 9.1 | AI score 4 | EPSS 0.87082
In wild | Exploits: 2

Tenable Nessus
added 2022/01/07 12:0 a.m., 34 views

Fortinet FortiOS Heap-based Buffer Overflow (FG-IR-21-115)

The remote host is running a version of FortiOS prior to 6.0.13, 6.2.x prior or equal to 6.2.9, 6.4.x prior or equal to 6.4.6, 7.0.x prior or equal to 7.0.1, FortiOS-6K7 prior to 6.0.10, 6.2.x prior or equal to 6.2.7, 6.4.x prior or equal to 6.4.2. It is, therefore, affected by a heap-based buffe...

CVSS 8.8 | AI score 8.7 | EPSS 0.00672
Exploits: 0 | References: 2

OSV
added 2022/01/04 1:15 p.m., 0 views

CVE-2021-44168

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages...

CVSS 7.8 | AI score 6.8 | EPSS 0.01154
Exploits: 2 | References: 2

NVD
added 2022/01/04 1:15 p.m., 26 views

CVE-2021-44168

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages...

CVSS 7.8 | EPSS 0.01154
Exploits: 2 | References: 2

Prion
added 2022/01/04 1:15 p.m., 26 views

Design/Logic Flaw

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages...

CVSS 4.6 | AI score 7.5 | EPSS 0.01154
Exploits: 2 | References: 1 | Affected Software: 1

CVE
added 2022/01/04 12:38 p.m., 1098 views

CVE-2021-44168

Fortinet FortiOS FortiGate vulnerability CVE-2021-44168: a local authenticated attacker can exploit the FortiOS “execute restore src-vis” path to download arbitrary files on the device via specially crafted update packages, potentially yielding a root shell via LD_PRELOAD. Published exploit code ...

CVSS 7.8 | AI score 7.5 | EPSS 0.01154
In wild | Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2022/01/04 12:38 p.m., 32 views

CVE-2021-44168

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages...

CVSS 3.3 | AI score 7.8 | EPSS 0.01154
Exploits: 2 | References: 1

Vulnrichment
added 2022/01/04 12:38 p.m., 20 views

CVE-2021-44168

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages...

CVSS 3.3 | AI score 6.8 | EPSS 0.01154
Exploits: 2 | References: 1

ATTACKERKB
added 2022/01/04 12:0 a.m., 35 views

CVE-2021-44168

A download of code without integrity check vulnerability in the “execute restore src-vis” command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. Recent assessments: Assessed Attacker Value: 0 Assess...

CVSS 7.8 | AI score 5.6 | EPSS 0.01154
In wild | Exploits: 2 | References: 2

Positive Technologies
added 2022/01/03 12:0 a.m., 2 views

PT-2022-4969 · Fortinet · Fortiadc +3

Name of the Vulnerable Software and Affected Versions: FortiADC versions 6.0.0 through 6.2.1; FortiProxy versions 1.0.0 through 2.0.7 and 7.0.0 through 7.0.1; FortiOS versions 6.0.0 through 6.4.8 and 7.0.0 through 7.0.2; FortiMail versions 6.4.0 through 7.0.2. Description: A format string vulnerabili...

CVSS 7.8 | AI score 7.7 | EPSS 0.00197
Exploits: 0 | References: 7

BDU FSTEC
added 2021/12/20 12:0 a.m., 1 views

The vulnerability of the Application Control Block in FortiOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Application Control Block in FortiOS operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 5.3 | AI score 5.9 | EPSS 0.00237
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2021/12/15 12:0 a.m., 14 views

Fortinet FortiOS Path Traversal Vulnerability (CNVD-2021-101142)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam, etc. A path...

CVSS 7.5 | AI score 2.5 | EPSS 0.00996
Exploits: 0 | References: 1

CNVD
added 2021/12/14 12:0 a.m., 27 views

Fortinet FortiOS has an unspecified vulnerability (CNVD-2022-06912)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiOS ha...

CVSS 7.8 | AI score 2.7 | EPSS 0.01154
Exploits: 2 | References: 1

CNVD
added 2021/12/14 12:0 a.m., 17 views

Fortinet FortiOS Integer Overflow Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. Fortinet FortiOS is vulnerable to an integer overflow vulnerability that could be exploited by an attacker to corrupt control data on the heap with a specially...

CVSS 9.8 | AI score 3.6 | EPSS 0.01255
Exploits: 0 | References: 1

OSV
added 2021/12/13 2:15 p.m., 0 views

CVE-2021-36169

A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations...

CVSS 6 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 1

Prion
added 2021/12/13 2:15 p.m., 11 views

Code injection

A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations...

CVSS 6.6 | AI score 6.1 | EPSS 0.00124
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/12/13 1:48 p.m., 12 views

CVE-2021-36169

A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations...

CVSS 4.2 | AI score 6.3 | EPSS 0.00124
Exploits: 0 | References: 1