2971 matches found
CVE-2019-5593
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...
CVE-2019-5593
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...
Input validation
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...
CVE-2019-5593
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...
CVE-2019-5593
Fortinet FortiOS is affected by CVE-2019-5593. The flaw arises from improper permission/value checking in the CLI console, allowing a non-privileged local attacker to obtain plaintext private keys of system certificates by unsetting the encryption password for built‑in certificates (FortiOS 6.2.0...
CVE-2019-5593
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...
Protect
A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP requests, the SSL-VPN web portal may respond with a redirection to websites specified by the attacker...
Fortinet FortiOS < 5.6.10 / 6.0 < 6.0.7 / 6.2.x < 6.2.1 Vulnerable Encryption (FG-IR-19-007)
The remote host is running a version of FortiOS that has not yet enabled private-data-encryption. A authorized remote user with access or knowledge of the standard encryption key could gain access and decrypt the FortiOS backup files and all non-administor passwords and private keys.' CVE-2019-66...
The vulnerability of the FortiOS operating system, related to authentication errors, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the FortiOS operating system is related to authentication errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information, while pretending to be an LDAP server...
CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request...
CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request...
Input validation
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request...
CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request...
CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request...
CVE-2019-15705
Fortinet FortiOS SSL VPN portal is affected by an improper input validation vulnerability (CVE-2019-15705) in FortiOS versions 6.2.1 and earlier and 6.0.6 and earlier, allowing an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. The issue is document...
Protect
A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for logged in users or potential remote code execution on FortiOS; this happens when an authenticated user visits a specifically crafted proxy-ed webpage, and this is due to a...
Fortinet FortiOS < 6.0.7 / 6.2.x < 6.2.2 Multiple Vulnerabilities (FG-IR-19-184, FG-IR-19-236)
The remote host is running a version of FortiOS prior to 6.0.7 or 6.2.x prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities : - A Cross-site Scripting XSS vulnerability in the FortiGate DHCP monitor page alllows an unauthenticated attacker in the same network as the FortiGate t...
Fortinet FortiOS < 5.6.12 / 6.x < 6.0.8 Information Disclosure MitM (FG-IR-18-100)
The remote host is running a version of FortiOS prior to 5.6.12 or 6.x prior to 6.0.8. It is, therefore, affected by an information disclosure man-in-the-middle vulnerability in the FortiGuard services communication protocol due to the use of a hardcoded cryptographic key. A remote attacker with...
Fortinet FortiOS Input Validation Error Vulnerability
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An input validation error...
Fortinet FortiOS and Fortinet FortiClient Trust Management Issues Vulnerability
Fortinet FortiOS and Fortinet FortiClient are both products of the U.S. company Fita Fortinet.Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and...