2965 matches found
Fortinet FortiOS Access Privilege Vulnerability
Fortinet FortiOS is a security operating system developed by Fortinet, a U.S. company, for the FortiGate network security platform. The system provides firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. An access...
Fortinet FortiAnalyzer FortiOS 5.0.x < 5.0.11 / 5.2.x < 5.2.2 Dataset Reports XSS
The Fortinet FortiAnalyzer FortiOS version running on the remote host is 5.0.x prior to 5.0.11 or 5.2.x prior to 5.2.2. It is, therefore, affected by a cross-site scripting vulnerability in the advanced dataset reports page due to a failure to properly sanitize user-supplied input to the...
Fortinet FortiManager FortiOS 5.0.x >= 5.0.3 and < 5.0.11 Dataset Reports XSS
The Fortinet FortiManager FortiOS version running on the remote host is 5.x greater than or equal to 5.0.3 and prior to 5.0.11. It is, therefore, affected by a cross-site scripting vulnerability in the advanced dataset reports page due to a failure to properly sanitize user-supplied input to the...
CVE-2015-7361
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors...
Authentication flaw
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors...
CVE-2015-7361
FortiGate FortiOS 5.2.3 (HA with dedicated management interface) exposes the ZebOS shell without authentication, allowing remote shell access via the HA management interface. Affected component is the ZebOS routing shell on the dedicated management interface; root cause is lack of authentication ...
Fortinet FortiOS 5.2.3 ZebOS Shell Remote Command Execution (FG-IR-15-020)
The remote host is running Fortinet FortiOS 5.2.3. It is, therefore, affected by a remote command execution vulnerability that allows an unauthenticated, remote attacker to execute arbitrary commands via the internal ZebOS shell on the high availability (HA) dedicated management interface.
Fortinet FortiOS 5.0.x < 5.0.12 / 5.2.x < 5.2.4 Weak Ciphers (FG-IR-15-021)
The remote host is running a version of Fortinet FortiOS that is 5.0.x prior to 5.0.12 or 5.2.x prior to 5.2.4. It is, therefore, affected by a flaw when connecting to a FortiGuard server via TLS due to the support of weak ciphers such as anonymous, export, and RC4. A man-in-the-middle attacker can...
Fortinet FortiOS < 4.3.13 SSL-VPN TLS MAC Spoofing
The remote host is running a version of FortiOS prior to 4.3.13. It is, therefore, affected by a man-in-the-middle spoofing vulnerability due to a flaw in the SSL-VPN feature. The SSL-VPN feature only validates the first byte of the TLS MAC in finished messages. A remote, man-in-the-middle attack...
Fortinet FortiOS 5.0.x < 5.0.1 Multiple DoS
The remote host is running a version of Fortinet FortiOS 5.0.x prior to 5.0.1. It is, therefore, affected by multiple denial of service vulnerabilities: - A flaw exists related to the handling of SSH traffic. An unauthenticated, remote attacker can exploit this to crash the proxyworker service. ...
Fortinet FortiOS 5.0.x < 5.0.2 Multiple Vulnerabilities
The remote host is running a version of Fortinet FortiOS 5.0.x prior to 5.0.2. It is, therefore, affected by the following vulnerabilities: - A security bypass vulnerability exists due to a flaw when using SMTP. An unauthenticated, remote attacker can exploit this to bypass the DLP full content...
Fortinet FortiOS 5.0.x < 5.0.8 Packet Handling DoS
The remote host is running a version of Fortinet FortiOS 5.0.x prior to 5.0.8. It is, therefore, affected by a denial of service vulnerability due to a failure to properly handle spoofed packets. An unauthenticated, remote attacker can exploit this to terminate arbitrary sessions.
Fortinet FortiOS 5.0.x < 5.0.9 Telnet / SSH Username XSS
The remote host is running a version of Fortinet FortiOS 5.0.x prior to 5.0.9. It is, therefore, affected by a cross-site scripting vulnerability due to improper validation of user-supplied input to the Telnet and SSH usernames. An unauthenticated, remote attacker can exploit this vulnerability t...
Fortinet FortiOS 5.0.x < 5.0.4 Empty Device Group Firewall Bypass
The remote host is running a version of Fortinet FortiOS 5.0.x prior to 5.0.4. It is, therefore, affected by a security bypass vulnerability due to an unspecified flaw that is triggered during the handling of empty device groups. An unauthenticated, remote attacker can exploit this to bypass...
Fortinet FortiOS 5.0.x < 5.0.5 FortiToken Security Bypass
The remote host is running a version of Fortinet FortiOS 5.0.x prior to 5.0.5. It is, therefore, affected by a security bypass vulnerability due to an unspecified flaw in FortiToken. An unauthenticated, remote attacker can exploit this to successfully authenticate even when a token is locked. C...
Fortinet FortiOS Input Validation Vulnerability
Fortinet FortiOS is a security operating system developed by Fortinet, a U.S. company, for the FortiGate network security platform. The system provides firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A security...
Fortinet FortiOS SSL-VPN Man-in-the-Middle Security Bypass Vulnerability
Fortinet FortiOS is a security operating system developed by Fortinet, a U.S. company, for the FortiGate network security platform. A security vulnerability exists in Fortinet FortiOS SSL-VPN that could be exploited by an attacker to perform an unauthorized...
CVE-2015-5965
The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field...
CVE-2015-3626
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname...