2971 matches found
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
Hardcoded credentials
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
CVE-2018-9195
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...
CVE-2018-9195
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...
Hardcoded credentials
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...
CVE-2019-6693
Fortinet FortiOS contains a vulnerability CVE-2019-6693: use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup files. An attacker with access to the backup file could decrypt sensitive data, including users’ passwords (excluding admin), private keys’ passp...
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
CVE-2018-9195
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...
CVE-2018-9195
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...
PT-2019-6279 · Fortinet · Fortimanager +2
Name of the Vulnerable Software and Affected Versions: FortiOS, FortiManager, and FortiAnalyzer affected versions not specified Description: The vulnerability involves the use of a hard-coded cryptographic key to encrypt sensitive data within configuration backup files and CLI configurations. An...
Fortinet FortiOS < 5.6.11 / 6.0.0 < 6.0.7 / 6.2.0 < 6.2.2 Information Disclosure (FG-IR-19-134)
The remote host is running a version of FortiOS prior to 5.6.11, 6.0.x prior to 6.0.7, or 6.2.x prior to 6.2.2. It is, therefore, affected by an information disclosure vulnerability. The vulnerability exists in the storage of private keys and certificates due to improper value checking or...
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users’ passwords except the...
Fortinet FortiOS Trust Management Issue Vulnerability
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists i...
Multiple Fortinet Products CVE-2018-9195 Hardcoded Cryptographic Key Vulnerability
Description Multiple Fortinet products are prone to a hard-coded cryptographic key vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. The following Fortinet products are affected:...
Fortinet FortiOS CVE-2019-6693 Hardcoded Cryptographic Key Vulnerability
Description Fortinet FortiOS is prone to a hardcoded cryptographic key vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Versions prior to Fortinet FortiOS 5.6.11, 6.0.7 and 6.2.1 are vulnerable. Technologies Affected Fortinet...
Unspecified Vulnerability in Fortinet FortiOS (CNVD-2019-42441)
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists i...
The vulnerability of the FortiOS operating system, the FortiAnalyzer network firewall, and the FortiManager centralized management system lies in the lack of mechanisms for checking certificate revocation. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerabilities of the FortiOS operating system, FortiAnalyzer network firewall, and FortiManager centralized management system are related to the lack of verification for certificate revocation. Exploiting these vulnerabilities allows a malicious actor to compromise the confidentiality,...
Protect
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to superadmin, via restoring modified configurations...