2968 matches found
CVE-2018-9185
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals a user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature...
CVE-2018-9185
Fortinet FortiOS 6.0.0 and earlier versions contain an information disclosure vulnerability where a user’s web portal login credentials are exposed in a client-side JavaScript file sent when bookmarking pages in the web portal that use Single Sign-On (SSO). Affected component is the FortiOS SSL-V...
Fortinet FortiOS SSH backdoor (CVE-2016-1909) - Ver2
An information disclosure vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Fortinet FortiGate < 5.6.6 / 6.0.x < 6.0.1 Plain Text Credentials (FG-IR-18-027)
The remote host is running FortiOS prior to 5.6.6 / 6.0.x prior to 6.0.1. It is, therefore, affected by multiple vulnerabilities. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(110812); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date",...
Fortinet FortiOS Information Disclosure Vulnerability (CNVD-2018-13969)
Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. An information...
FortiOS SSL VPN webportal user credentials present in plain text in client side javascript file
An information disclosure vulnerability exists in the SSL-VPN web portal of FortiOS: when pages bookmarked in the web portal use the Single Sign-On (SSO) feature, the user's web portal login and password are included in a JavaScript file sent client-side. The leaked credential may potentially be...
Fortinet FortiGate <= 5.2.x / 5.4.x < 5.4.9 / 5.6.x < 5.6.3 Multiple Vulnerabilities (FG-IR-17-231, FG-IR-17-245 and FG-IR-17-172)
The remote host is running FortiOS 5.2.x or prior, 5.4.x prior to 5.4.9, or 5.6.x prior to 5.6.3. It is, therefore, affected by multiple vulnerabilities. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(110415); script_version("1.9");...
CVE-2017-14185
An information disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specially crafted URLs inside the SSL-VPN web portal...
Information disclosure
An information disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specially crafted URLs inside the SSL-VPN web portal...
CVE-2017-14185
Fortinet FortiOS contains an information disclosure vulnerability (CVE-2017-14185) affecting FortiOS 5.6.0–5.6.2, 5.4.0–5.4.8, and 5.2 (all versions). The issue allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specially crafted URLs within...
Fortinet FortiOS Local Elevation of Privilege Vulnerability (CNVD-2018-10482)
Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate network security platform. The system provides users with firewall, anti-virus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A security...
Remote code execution
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows an attacker to execute an unauthorized binary program contained on a USB drive plugged into a FortiGate via linking the aforementioned binary progra...
CVE-2017-14187
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows an attacker to execute an unauthorized binary program contained on a USB drive plugged into a FortiGate via linking the aforementioned binary progra...
CVE-2017-14187
Fortinet FortiOS contains a local privilege escalation/remote code execution vulnerability (CVE-2017-14187) affecting FortiOS 5.6.0–5.6.2, 5.4.0–5.4.8, and 5.2 and earlier. An admin user with super_admin privileges can abuse a FortiGate USB device by linking an arbitrary binary on the USB drive t...