2968 matches found

Tenable Nessus
added 2018/12/18 12:0 a.m., 61 views

Fortinet FortiOS 5.4.x < 5.4.6 / 5.6.x < 5.6.1 XSS (CVE-2017-3131)

The version of Fortinet FortiOS running on the remote device is 5.4.x prior to 5.4.6, or 5.6.x prior to 5.6.1. It is, therefore, affected by a cross-site scripting (XSS) vulnerability that allows attackers to execute unauthorized code or commands via the filter input in Applications under FortiView...

CVSS 5.4, AI score 5.9, EPSS 0.11481
Exploits 4, References 4

Tenable Nessus
added 2018/12/05 12:0 a.m., 39 views

Fortinet FortiGate 5.2.x >= 5.2.12 / 5.4.6 - 5.4.7 / 5.6.1 - 5.6.3 Information Disclosure (FG-IR-18-325)

The remote host is running FortiOS 5.12.x greater than or equal to 5.2.12, 5.4.6, 5.4.7, 5.6.1 up to 5.6.3. It is, therefore, affected by an error related to the web proxy disclaimer web pages that allows disclosure of uninitialized memory buffers...

CVSS 7.5, AI score 7.4, EPSS 0.01012
Exploits 1, References 2

NVD
added 2018/11/27 3:29 p.m., 12 views

CVE-2018-13376

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...

CVSS 7.5, AI score 7.5, EPSS 0.01012
Exploits 1, References 3

OSV
added 2018/11/27 3:29 p.m., 2 views

CVE-2018-13376

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...

CVSS 7.5, AI score 6, EPSS 0.01012
Exploits 1, References 3

Prion
added 2018/11/27 3:29 p.m., 10 views

Buffer overflow

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...

CVSS 5, AI score 7.5, EPSS 0.01012
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2018/11/27 3:0 p.m., 11 views

CVE-2018-13376

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...

AI score 7.1, EPSS 0.01012
Exploits 1, References 3

CVE
added 2018/11/27 3:0 p.m., 46 views

CVE-2018-13376

CVE-2018-13376 affects Fortinet FortiOS web proxy disclaimer pages, leaking uninitialized memory buffers and potentially exposing sensitive data in HTTP responses. Affected are FortiOS 5.2.x (all 5.2.12+), 5.4.6–5.4.7, and 5.6.1–5.6.3. Root cause: uninitialized memory buffer in the web proxy disc...

CVSS 7.5, AI score 7.5, EPSS 0.01012
Exploits 1, References 3, Affected Software 1

Cvelist
added 2018/11/27 3:0 p.m., 17 views

CVE-2018-13376

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...

AI score 7.5, EPSS 0.01012
Exploits 1, References 3

Fortinet
added 2018/11/22 12:0 a.m., 19 views

Uninitialized memory buffer leak in FortiOS explicit web proxy

An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...

CVSS 5, AI score 0.3, EPSS 0.01012
Exploits 1, Affected Software 1

Fortinet
added 2018/11/16 12:0 a.m., 28 views

Serial number disclosure in the FortiOS PPTP server hostname protocol field

Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol...

CVSS 5, AI score 1.1, EPSS 0.00237
Exploits 0, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 1 view

The vulnerability of the CAPWAP operating system in FortiOS, allowing a hacker to induce a service failure

The vulnerability of the CAPWAP operating system in FortiOS arises from errors in processing input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a large number of ClientHello DTLS messages...

CVSS 7.8, AI score 5.5, EPSS 0.00977
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 1 view

The vulnerability of the FortiOS operating system arises from the inability to monitor active network sessions after an update to the scanning mechanism. This allows a hacker to bypass the security measures.

The vulnerability of the FortiOS operating system is related to the cessation of monitoring active network sessions after an update to the scanning mechanism. Exploiting this vulnerability allows a malicious actor to bypass security measures remotely...

CVSS 7.1, AI score 5.5, EPSS 0.00228
Exploits 0, References 4, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 2 views

The vulnerability of the FortiOS operating system’s SSL-VPN implementation, caused by errors in processing input data, allows a hacker to replace encrypted traffic with malicious data.

The vulnerability of the SSL-VPN implementation in the FortiOS operating system arises due to errors in processing input data. Exploiting this vulnerability allows a malicious actor to replace encrypted traffic using a specially generated MAC...

CVSS 5.3, AI score 5.5, EPSS 0.0035
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 2 views

The vulnerability of the FortiOS operating system arises from insufficient protection of the web page structure, allowing attackers to inject arbitrary JavaScript or HTML code.

The vulnerability of the FortiOS operating system arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...

CVSS 6.1, AI score 5.6, EPSS 0.0086
Exploits 1, References 4, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 2 views

The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.

The vulnerability in the web interface user/ldapuser/add of the FortiOS operating system is due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code through the filter parameter...

CVSS 5.3, AI score 5.7, EPSS 0.00812
Exploits 1, References 2, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 4 views

The vulnerability of the FortiOS operating system arises from the use of weak encryption algorithms during TLS connections, allowing attackers to carry out phishing attacks and man-in-the-middle attacks.

The vulnerability of the FortiOS operating system arises from the use of weak encryption algorithms during TLS connections. Exploiting this vulnerability allows a remote attacker to perform phishing attacks and man-in-the-middle attacks...

CVSS 7.2, AI score 5.5, EPSS 0.00288
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 2 views

The vulnerability of the FortiManager system’s operating system, FortiOS, allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the FortiManager system’s FortiOS operating system arises from errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures remotely...

CVSS 7.5, AI score 5.9, EPSS 0.05813
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 2 views

The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.

The vulnerability in the FortiOS operating system’s web interface firewall/schedule/recurrdlg is due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code through the mkey parameter...

CVSS 5.3, AI score 5.7, EPSS 0.00812
Exploits 1, References 2, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 2 views

The vulnerability of the SSL VPN web portal’s login page in the operating system FortiOS allows a hacker to inject arbitrary JavaScript or HTML code.

The vulnerability of the SSL VPN web portal’s login page in the operating system FortiOS arises due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...

CVSS 5.3, AI score 5.6, EPSS 0.55556
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2018/11/01 12:0 a.m., 1 view

The vulnerability of the FortiOS operating system, caused by errors in authentication mechanisms, allows a perpetrator to gain unauthorized access to the ZebOS shell.

The vulnerability of the FortiOS operating system is caused by errors in the authentication mechanism. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the ZebOS shell...

CVSS 9.8, AI score 5.5, EPSS 0.00737
Exploits 0, References 2, Affected Software 1