2971 matches found

CNVD
added 2020/04/03 12:0 a.m. | 1 view

Fortinet FortiOS Input Validation Error Vulnerability (CNVD-2020-23174)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. A security vulnerability exists i...

CVSS 8.8 | AI score 6.7 | EPSS 0.00526
Exploits: 0

OSV
added 2020/04/02 2:15 p.m. | 1 view

CVE-2018-13371

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component...

CVSS 8.8 | AI score 5.8 | EPSS 0.00526
Exploits: 0 | References: 1

NVD
added 2020/04/02 2:15 p.m. | 13 views

CVE-2018-13371

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component...

CVSS 8.8 | AI score 8.7 | EPSS 0.00526
Exploits: 0 | References: 1

Prion
added 2020/04/02 2:15 p.m. | 17 views

Xxe

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component...

CVSS 6.5 | AI score 8.6 | EPSS 0.00526
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/04/02 1:29 p.m. | 49 views

CVE-2018-13371

CVE-2018-13371 affects Fortinet FortiOS/FortiGate via the ZebOS component. An authenticated, regular user can change routing settings on vulnerable devices. Constrained by ZebOS, likely RCE/routing manipulation as described in Fortinet advisory FG-IR-18-230; affected versions include FortiOS 5.x ...

CVSS 8.8 | AI score 8.6 | EPSS 0.00526
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2020/04/02 1:29 p.m. | 9 views

CVE-2018-13371

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component...

AI score 7.2 | EPSS 0.00526
Exploits: 0 | References: 1

Cvelist
added 2020/04/02 1:29 p.m. | 14 views

CVE-2018-13371

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component...

AI score 8.7 | EPSS 0.00526
Exploits: 0 | References: 1

OSV
added 2020/03/15 11:15 p.m. | 1 view

CVE-2019-6696

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage...

CVSS 6.1 | AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 1

NVD
added 2020/03/15 11:15 p.m. | 10 views

CVE-2019-6696

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage...

CVSS 6.1 | AI score 6.3 | EPSS 0.00197
Exploits: 0 | References: 1

Prion
added 2020/03/15 11:15 p.m. | 13 views

Input validation

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage...

CVSS 5.8 | AI score 6.2 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/03/15 10:3 p.m. | 49 views

CVE-2019-6696

CVE-2019-6696 is a FortiOS URL-redirect vulnerability caused by improper input validation on the admin webUI password-change page. Connected sources confirm it affects FortiOS 5.x (>=5.4.0), 6.x (prior to 6.0.9), and 6.2.x (prior to 6.2.2). The issue allows an attacker to perform an URL redire...

CVSS 6.1 | AI score 6.2 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2020/03/15 10:3 p.m. | 10 views

CVE-2019-6696

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage...

AI score 6.9 | EPSS 0.00197
Exploits: 0 | References: 1

Cvelist
added 2020/03/15 10:3 p.m. | 10 views

CVE-2019-6696

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage...

AI score 6.3 | EPSS 0.00197
Exploits: 0 | References: 1

Tenable Nessus
added 2020/03/05 12:0 a.m. | 22 views

Fortinet FortiOS 5.x >= 5.4.0 / 6.x < 6.0.9 / 6.2.x < 6.2.2 URL Redirection Vulnerability (FG-IR-19-179)

The remote host is running a version of FortiOS 5.x greater than or equal to 5.4.0, 6.x prior to 6.0.9, or 6.2.x prior to 6.2.2. It is, therefore, affected by a URL redirection vulnerability due to an input-validation flaw related to the admin password change page. © Tenable Network Security, Inc...

CVSS 6.1 | AI score 6.3 | EPSS 0.00197
Exploits: 0 | References: 2

BDU FSTEC
added 2020/03/04 12:0 a.m. | 1 view

The vulnerability of the PRNG component of the FortiOS operating system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the PRNG component in the FortiOS operating system relates to the use of a weak entropy source during key generation. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information, when FortiOS acts as a client...

CVSS 7.8 | EPSS 0.003
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2020/03/04 12:0 a.m. | 1 view

The vulnerability of the SSL VPN web portal of the operating system FortiOS allows a hacker to trigger a service failure.

The vulnerability of the SSL VPN web portal of the operating system FortiOS is related to an operation that goes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...

CVSS 7.8 | EPSS 0.01761
Exploits: 0 | References: 5 | Affected Software: 1

Fortinet
added 2020/02/25 12:0 a.m. | 26 views

FortiOS SSL Deep Inspection TLS Padding Oracle Vulnerabilities

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate by...

CVSS 4.3 | AI score 2 | EPSS 0.00115
Exploits: 0 | Affected Software: 1

Fortinet
added 2020/02/18 12:0 a.m. | 23 views

Protect

An improper input validation vulnerability in FortiOS admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage...

CVSS 5.8 | AI score 6.2 | EPSS 0.00197
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2020/01/30 12:0 a.m. | 77 views

Fortinet FortiOS < 6.2.3 Multiple Vulnerabilities (FG-IR-19-217)

The remote host is running a version of FortiOS prior to 6.2.3. It is, therefore, affected by an information disclosure vulnerability due to a cleartext storage in a file or on disk. FortiOS SSL VPN allows an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able...

CVSS 7.5 | AI score 7.3 | EPSS 0.00182
Exploits: 0 | References: 3

BDU FSTEC
added 2020/01/27 12:0 a.m. | 1 view

The vulnerability of the FortiOS operating system, related to deficiencies in access control, allows attackers to obtain secret keys embedded in the system or certificates uploaded by users.

The vulnerability of the FortiOS operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to obtain secret keys that are built into the system or certificates uploaded by users. This can occur either through resetting the encryption keys’...

CVSS 6.5 | EPSS 0.00034
Exploits: 0 | References: 2 | Affected Software: 1