2971 matches found
Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2019-16229)
Fortinet FortiOS is a security operating system for the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A cross-site scripting...
PT-2019-3002
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 5.4.6 through 5.4.12; Fortinet FortiOS versions 5.6.3 through 5.6.7; Fortinet FortiOS versions 6.0.0 through 6.0.4; FortiProxy versions 1.0.0 through 1.0.7; FortiProxy versions 1.1.0 through 1.1.6; FortiProxy versions 1.2....
PT-2019-2799 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 5.4.1 through 5.4.10; FortiOS versions 5.6.0 through 5.6.8; FortiOS versions 6.0.0 through 6.0.4; FortiProxy versions 1.0.0 through 1.0.7; FortiProxy versions 1.1.0 through 1.1.6; FortiProxy versions 1.2.0 through 1.2.8; FortiProxy...
Protect
A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests...
Fortinet FortiOS Buffer Overflow Vulnerability
Fortinet FortiOS is a security operating system for the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A buffer overflow vulnerability...
Fortinet FortiOS VM Input Validation Error Vulnerability
Fortinet FortiOS VM is a security operating system that runs on a virtualized platform, from the American company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSL VPN, web content filtering and anti-spam. A security vulnerabili...
Protect
Failure to properly parse message payloads in the SSL VPN portal of FortiOS may allow a non-authenticated attacker to perform a Denial of Service attack via exploiting a buffer overflow...
Fortinet FortiGate <= 5.4.x / 5.6.x < 5.6.11 / 6.x < 6.2.0 Admin Privilege Escalation (FG-IR-17-053)
The remote host is running a FortiOS version prior or equal to 5.4.x, 5.6.x prior to 5.6.11, or 6.x prior to 6.2.0. It is, therefore, affected by an elevation of privilege vulnerability. An authenticated, remote attacker with admin privileges can exploit this, via restoring a modified configuration, t...
Fortinet FortiGate < 5.4.11 / 5.6.x < 5.6.8 / 6.x < 6.0.3 RCE (FG-IR-18-230)
The remote host is running FortiOS version 5.x prior to 5.4.11, 5.6.x prior to 5.6.8 or 6.x prior to 6.0.3. It is, therefore, affected by a remote code execution vulnerability that allows an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS...
Fortinet FortiOS Privilege License and Access Control Issues Vulnerability
Fortinet FortiOS is a security operating system for the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A vulnerability exists in Fortine...
The numerous vulnerabilities in the FortiOS operating system, related to the lack of protection for service data, allow attackers to disclose the protected information.
The multiple vulnerabilities of the FortiOS operating system are related to the lack of protection for service data. Exploiting these vulnerabilities can allow a malicious actor to disclose sensitive information by analyzing HTTP headers, certificates, and error messages...
CVE-2018-13366
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows an attacker to reveal the serial number of a FortiGate via the hostname field defined in connection control setup packets of the PPTP protocol...
Information disclosure
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows an attacker to reveal the serial number of a FortiGate via the hostname field defined in connection control setup packets of the PPTP protocol...
CVE-2017-17544
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to superadmin via restoring modified configurations...
CVE-2018-13366
CVE-2018-13366 describes an information-disclosure in Fortinet FortiOS 6.0.1 and 5.6.7 and earlier, where the FortiGate serial number is exposed via the hostname field in PPTP connection-control setup packets. The root cause is the PPTP hostname field leaking device identity; impact is partial co...