Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a security operating system from Fortinet that is dedicated to the FortiGate network security platform. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam.Fortinet FortiOS has a security...

PT-2021-30879 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.1 and below FortiOS versions 6.2.9 and below Description: The issue allows a remote unauthenticated attacker to either redirect users to malicious websites via a crafted Host header or to execute JavaScript code in the...

Protect

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list. Â...

Protect

A cleartext storage in a file or on disk CWE-313 vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system...

Protect

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context...

Vulnerability fixed in FortiOS

A vulnerability has been fixed in FortiOS. The vulnerability allows a malicious party located within the victim's network is able to execute arbitrary code by providing a specially prepared image. Fortinet has released updates to fix the vulnerability. More information can be found on the page...

PT-2021-6860 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 6.4.7 FortiOS versions 7.0.0 through 7.0.2 Description: A buffer overflow in the TFTP client library may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line...

CVE-2021-24018

A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image...

CVE-2021-24018

A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image...

Buffer overflow

A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image...

CVE-2021-24018

CVE-2021-24018 concerns a buffer underwrite in the firmware verification routine of FortiOS/FortiWeb (pre-7.0.1). The vulnerability could allow an attacker located in the adjacent network to execute arbitrary code by sending a specially crafted firmware image. Affected products and exact versions...

CVE-2021-24018

A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image...

CVE-2021-24018

A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image...

Fortinet FortiOS Buffer Overflow Vulnerability (CNVD-2021-60533)

Fortinet FortiOS is a set of U.S. Fita Fortinet dedicated to FortiGate network security platform on the security operating system. Fortinet FortiOS suffers from a buffer overflow vulnerability that originates from a boundary error in the firmware validation process of FortiOS. An attacker could...

Vulnerabilities fixed in ForsiOS

FortiGuard Labs has fixed several vulnerabilities in FortiOS. The vulnerabilities allow a malicious party to execute attacks that potentially lead to the execution of arbitrary code under the user's privileges. FortiGuard Labs has released updates to fix the vulnerabilities fixes in FortiOS SSL...

Fortinet FortiOS 缓冲区错误漏洞

Fortinet FortiOS is a set of U.S. Fita Fortinet dedicated to FortiGate network security platform on the security operating system. Fortinet FortiOS suffers from a buffer overflow vulnerability that originates from a boundary error in the firmware validation process of FortiOS. An attacker could...

Fortinet FortiOS 跨站脚本漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A cross-site scripting...

The vulnerability of the SSL-VPN portal for FortiOS operating systems allows a hacker to induce a service failure.

The vulnerability of the SSL-VPN portal for FortiOS operating systems is related to the execution of operations outside the buffer. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending a specially crafted POST request...

The vulnerability of the SSL-VPN portal for FortiOS operating systems allows a hacker to redirect users to a malicious website.

The vulnerability of the SSL-VPN portal for FortiOS operating systems is related to the use of open redirection. Exploiting this vulnerability could allow a malicious actor to redirect a user to a malicious website remotely...

The vulnerability of the SSL-VPN portal for FortiOS operating systems allows attackers to perform cross-site scripting attacks.

The vulnerability of the SSL-VPN portal for FortiOS operating systems exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...