Protect
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaintext private keys of the system's built-in local certificates by unsetting the keys' encryption password, or for user-uploaded local certificates by setting an empty password. Note that backed up...
Fortinet FortiOS CVE-2019-5593 Information Disclosure Vulnerability
Description Fortinet FortiOS is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Fortinet FortiOS 6.2.0, 6.0.0 through 6.0.6, 5.6.10 and prior are vulnerable. Technologies Affected Fortinet...
Fortinet FortiOS CVE-2019-15705 Denial of Service Vulnerability
Description Fortinet FortiOS is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Technologies Affected Fortinet FortiOS 4.3.10 Fortinet FortiOS 4.3.12 Fortinet FortiOS 4.3.13 Fortinet FortiOS 4.3.14 Fortinet FortiOS 4.3.8 Fortinet...
Protect
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS and FortiProxy may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request...
FortiOS DRBG insufficient entropy (FG-IR-19-186)
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA...
CVE-2019-15703
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual...
Design/Logic Flaw
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual...
CVE-2019-15703
Fortinet FortiOS is affected by CVE-2019-15703 where insufficient entropy in the PRNG (DRBG) can theoretically allow recovery of a long-term ECDSA secret in a TLS client with RSA handshake and mutual ECDSA authentication, via flush+reload side-channel attacks in FortiGate VM models only. The vuln...
Unspecified Vulnerability in Fortinet FortiOS
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A security vulnerability exists i...
Fortinet FortiOS CVE-2019-15703 Insufficient Entropy Vulnerability
Description Fortinet FortiOS is prone to an insufficient entropy vulnerability. Remote attackers can exploit this issue to perform side-channel attacks and obtain sensitive information. This aids in other attacks. Technologies Affected Fortinet FortiOS 2.36.0 Fortinet FortiOS 2.50.0 Fortinet Forti...
Protect
Multiple information exposure vulnerabilities in FortiOS may allow an unauthenticated attacker to perform some information gathering via parsing the HTTP headers, web portal certificate, and error messages. The exposed information includes the FortiGate's model, serial number and internal IP...
Fortinet FortiOS SSL VPN Directory Traversal (CVE-2018-13379)
A directory traversal vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Fortinet FortiGate 5.2.0 < 5.6.11 / 6.0.x < 6.0.5 XSS (FG-IR-19-034)
The remote host is running a FortiOS version prior to 6.2.1. It is, therefore, affected by a cross-site scripting vulnerability. An unauthenticated attacker on the same subnet may be able to perform a reflected cross-site scripting attack by injecting unsanitized input into multiple parameters of the...
VulnCheck KEV: CVE-2018-13383
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged-in users...
VulnCheck KEV: CVE-2018-13382
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password...
VulnCheck KEV: CVE-2018-13379
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests...
The vulnerability of the FortiOS operating system, related to the lack of protection for service data, allows attackers to disclose the protected information.
The vulnerability of the FortiOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of software for scanning and controlling IPS engine applications in FortiOS systems lies in the lack of protection for service data. This allows attackers to carry out “man-in-the-middle” attacks and expose the protected information.
The vulnerability of software for scanning and controlling IPS engine applications in FortiOS systems is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to carry out a “man-in-the-middle” attack and expose the protected information...