FortiOS Explicit Web Proxy by default allows non-standard HTTP traffic...
Vulnerability in the ZebOS component of the FortiOS operating system that allows an attacker to modify routing settings
The vulnerability in the ZebOS component of the FortiOS operating system is related to improper assignment of privileges. Exploiting this vulnerability allows a malicious actor to remotely modify routing settings...
Vulnerability in the SSL VPN web portal of the FortiOS operating system that allows an attacker to perform cross-site scripting attacks
The vulnerability in the SSL VPN web portal of the FortiOS operating system is related to the lack of measures for sanitizing input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks using the param parameter...
Vulnerability in the SSL VPN web portal of the FortiOS operating system that allows an attacker to perform cross-site scripting attacks
The vulnerability in the SSL VPN web portal of the FortiOS operating system is related to the lack of measures for securing input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely, using the “err” parameter...
Vulnerability in the FortiOS operating system, related to resource management errors, that allows attackers to disclose sensitive information
The vulnerability in the FortiOS operating system is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
Fortinet FortiOS (Mac OS X) <= 5.4 / 5.6.x < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Web Portal login redir XSS (FG-IR-17-242) (deprecated)
The plugin was deprecated due to checking hosts for FortiClient instead of FortiOS. Use fortiosFG-IR-17-242.nasl (plugin ID 104886) instead. (C) Tenable Network Security, Inc. Disabled on 2020/11/18. Deprecated by fortiosFG-IR-17-242.nasl...
Fortinet FortiOS < 5.6.11, 6.0.x < 6.0.5 SSL VPN Heap Buffer Overflow (FG-IR-18-388)
The remote host is running a version of FortiOS prior to 5.6.11 or 6.0.x prior to 6.0.5. It is, therefore, affected by a heap buffer overflow condition in the SSL VPN web portal due to improper handling of JavaScript href data. An unauthenticated, remote attacker can exploit this, by convincing a...
Fortinet FortiOS < 5.2.15, 5.4.0 < 6.0.5 SSL VPN web portal Host Header Redirection (FG-IR-19-002)
The remote host is running a version of FortiOS prior to 5.2.15 or 5.4.0 prior to 6.0.5. It is, therefore, affected by a host header redirection vulnerability in the SSL VPN web portal due to a failure to properly validate HTTP request headers. An unauthenticated, remote attacker can exploit this...
Fortinet FortiOS (Mac OS X) < 5.2.15, 5.4.0 < 6.0.5 SSL VPN Web Portal Host Header Redirection (FG-IR-19-002) (deprecated)
The plugin was deprecated due to checking hosts for FortiClient instead of FortiOS. Use fortiosFG-IR-19-002.nasl (plugin ID 125889) instead. (C) Tenable Network Security, Inc. Disabled on 2020/11/18. Deprecated by fortiosFG-IR-19-002.nasl...
Fortinet FortiOS (Mac OS X) 5.4.6 <= 5.4.12 / 5.6.3 < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Directory Traversal (FG-IR-18-384) (deprecated)
The plugin was deprecated due to checking hosts for FortiClient instead of FortiOS. Use fortiosFG-IR-18-384.nasl (plugin ID 125885) instead. (C) Tenable Network Security, Inc. Disabled on 2020/11/18. Deprecated by fortiosFG-IR-18-384.nasl...
Fortinet FortiOS <= 5.4, 5.6.x < 5.6.8, 6.0.x < 6.0.5 SSL VPN Buffer Overflow (FG-IR-18-387)
The remote host is running a version of FortiOS prior or equal to 5.4, 5.6.x prior to 5.6.8 or 6.0.x prior to 6.0.5. It is, therefore, affected by a buffer overflow condition in the SSL-VPN web portal, due to a failure to properly parse message payloads. An unauthenticated attacker can exploit...
Fortinet FortiOS (Mac OS X) < 5.6.11, 6.0.x < 6.0.5 SSL VPN Heap Buffer Overflow (FG-IR-18-388) (deprecated)
The plugin was deprecated due to checking hosts for FortiClient instead of FortiOS. Use fortiosFG-IR-18-388.nasl (plugin ID 125887) instead. (C) Tenable Network Security, Inc. Disabled on 2020/11/18. Deprecated by fortiosFG-IR-18-388.nasl...
Fortinet FortiOS 5.4.6 <= 5.4.12 / 5.6.3 < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Directory Traversal (FG-IR-18-384)
The remote host is running a version of FortiOS 5.4.6 prior or equal to 5.4.12, 5.6.3 prior to 5.6.8 or 6.0.x prior to 6.0.5. It is, therefore, affected by a directory traversal vulnerability in the SSL VPN web portal, due to an improper limitation of a pathname to a restricted directory. An...
Fortinet FortiOS (Mac OS X) <= 5.4, 5.6.x < 5.6.8, 6.0.x < 6.0.5 SSL VPN Buffer Overflow (FG-IR-18-387) (deprecated)
The plugin was deprecated due to checking hosts for FortiClient instead of FortiOS. Use fortiosFG-IR-18-387.nasl (plugin ID 125886) instead. (C) Tenable Network Security, Inc. Disabled on 2020/11/18. Deprecated by fortiosFG-IR-18-387.nasl...
Fortinet FortiOS (Mac OS X) 5.4.1 < 5.4.11 / 5.6.x < 5.6.9 / 6.0.x < 6.0.5 SSL VPN Security Bypass (FG-IR-18-389) (deprecated)
The plugin was deprecated due to checking hosts for FortiClient instead of FortiOS. Use fortiosFG-IR-18-389.nasl (plugin ID 125888) instead. (C) Tenable Network Security, Inc. Disabled on 2020/11/18. Deprecated by fortiosFG-IR-18-389.nasl...
Fortinet FortiOS 5.4.1 < 5.4.11 / 5.6.x < 5.6.9 / 6.0.x < 6.0.5 SSL VPN Security Bypass (FG-IR-18-389)
The remote host is running a version of FortiOS 5.4.1 prior to 5.4.11, 5.6.x prior to 5.6.9 or 6.0.x prior to 6.0.5. It is, therefore, affected by a security bypass vulnerability in the SSL VPN web portal, due to an error when processing HTTP requests. A remote, unauthenticated attacker can explo...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests...
Code injection
Lack of root file system integrity checking in Fortinet FortiOS VM application images, all versions below 6.0.5, may allow an attacker to implant malicious programs into the installing image by reassembling the image through specific methods...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests...
CVE-2019-5586
A reflected cross-site scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests...