The vulnerability of the FortiOS operating system, related to security configuration errors, allows attackers to circumvent existing security restrictions.

The vulnerability of the FortiOS operating system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by using specially crafted SSL/TLS or HTTP traffic...

Fortinet FortiOS SSL VPN Directory Traversal Vulnerability (FG-IR-18-384) (Direct Check)

The remote host is running a version of FortiOS 5.6.3 prior to 5.6.8 or 6.0.x prior to 6.0.5. It is, therefore, affected by a directory traversal vulnerability in the SSL VPN web portal, due to improper sanitization of path traversal characters in URLs. An unauthenticated, remote attacker can...

Fortinet FortiOS 5.6.0 < 5.6.8 / 6.0.x < 6.0.5 multiple pre-auth XSS vulnerabilities on SSL VPN (FG-IR-18-383)

A Cross-site Scripting XSS vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. TRUSTED...

Fortinet FortiOS (Mac OS X) 5.6.0 < 5.6.8 / 6.0.x < 6.0.5 multiple pre-auth XSS vulnerabilities on SSL VPN (FG-IR-18-383) (deprecated)

The plugin was deprecated due to checking hosts for FortiClient instead of FortiOS. Use fortiosFG-IR-18-383.nasl plugin ID 128278 instead. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2020/11/18. Deprecated by fortiosFG-IR-18-383.nasl include"compat.inc"; if description scriptid12827...

The vulnerability of the SSL VPN web portal of the operating system FortiOS allows a hacker to gain access to system files.

The vulnerability of the SSL VPN web portal of the operating system FortiOS exists due to an incorrect path limitation to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain access to system files by sending a specially crafted HTTP request...

CVE-2018-13367

An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI...

CVE-2018-13367

An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI...

Information disclosure

An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI...

CVE-2019-5592

Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

CVE-2019-5592

Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

Design/Logic Flaw

Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

CVE-2018-13367

An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI...

CVE-2018-13367

CVE-2018-13367 affects FortiOS (Fortinet) WEB UI, where an information-exposure flaw allows unauthenticated attackers to retrieve platform details (version, models) by parsing a JavaScript file served through the admin web UI. Affected releases include FortiOS 6.2.3, 6.2.0 and earlier versions. T...

CVE-2018-13367

An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI...

CVE-2019-5592

Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

CVE-2019-5592

CVE-2019-5592 describes padding oracle vulnerabilities in FortiOS SSL Deep Inspection with CBC padding in the FortiOS IPS engine. Affected FortiGate/FortiOS IPS versions (5.000–5.006, 4.000–4.036, 4.200–4.219, and 3.547 and below) configured with SSL Deep Inspection policies and the IPS sensor en...

CVE-2019-5592

Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

FortiOS 5.6.7 / 6.0.4 Credential Disclosure

Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link: https://www.fortinet.com/products/fortigate/fortios.html...

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit (2)

Exploit for hardware platform in category web applications Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...

FortiOS 5.6.7 / 6.0.4 Credential Disclosure

Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link: https://www.fortinet.com/products/fortigate/fortios.html...