CVE-2021-26110

An improper access control vulnerability CWE-284 in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted...

Fortinet FortiOS 路径遍历漏洞

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam, etc. A path...

Fortinet FortiOS 信任管理问题漏洞

Fortinet FortiOS is a security operating system from Fortinet, Inc. that is designed to be used on the FortiGate network security platform. A security vulnerability exists in Fortinet FortiOS, which stems from the use of hard-coded encryption keys that could allow an attacker to retrieve the keys...

Fortinet FortiOS 输入验证错误漏洞

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. Fortinet FortiOS is vulnerable to an integer overflow vulnerability that could be exploited by an attacker to corrupt control data on the heap with a specially...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An access control error...

Vulnerabilities fixed in FortiOS

Vulnerabilities have been fixed in FortiOS and FortiGate. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution User Rights Acces...

Protect

A download of code without integrity check vulnerability CWE-494 in the "execute restore src-vis" command of FortiOS may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages...

Protect

A heap-based buffer overflow CWE-122 in the firmware signature verification function of FortiOS may allow an attacker to execute arbitrary code via specially crafted installation images...

Fortinet FortiOS 缓冲区错误漏洞

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. An attacker could exploit this...

Protect

A relative path traversal CWE-23 vulnerabiltiy in FortiOS and FortiProxy may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page...

PT-2021-6889 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.0.3 Description: A download of code without integrity check vulnerability in the "execute restore src-vis" command may allow a local authenticated attacker to download arbitrary files on the device via specially...

Protect

An integer overflow or wraparound vulnerability CWE-190 in FortiOS SSLVPN memory allocator may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam.Fortinet FortiOS ha...

Fortinet FortiOS 缓冲区错误漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists i...

Protect

A buffer overflow CWE-121 in the TFTP client library of FortiOS, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments...

Protect

An improper access control vulnerability CWE-284 in FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted configuration of fabric automation CLI script and auto-script features...

VulnCheck KEV: CVE-2021-44168

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files...

Protect

A use of hard-coded cryptographic key vulnerability CWE 321 in FortiOS SSLVPN may allow an attacker to retrieve the key by reverse engineering...

Fortinet FortiOS Remote Code Execution (CVE-2016-6909)

A remote code execution vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2021-32600

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and t...