CVE-2015-2323
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets...
Code injection
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets...
Design/Logic Flaw
The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname...
CVE-2015-5965
Fortinet FortiOS SSL-VPN before 4.3.13 is affected by CVE-2015-5965: the TLS MAC in finished messages is only validated by the first byte, enabling a remote attacker to spoof encrypted content via a crafted MAC field. This vulnerability, documented in multiple sources, could lead to disclosure of...
CVE-2015-3626
Summary: CVE-2015-3626 is an XSS flaw in Fortinet FortiOS FortiGate WebUI, specifically the DHCP Monitor page. Affected: FortiOS versions prior to 5.2.4. Cause: insufficient input filtering on the DHCP hostname field allows injection of arbitrary script/HTML. References from NVD/NVD-listed detail...
CVE-2015-2323
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets...
CVE-2015-5965
The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field...
CVE-2015-2323
Fortinet FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 are vulnerable when connecting to FortiGuard servers via TLS due to support for weak ciphers (anonymous, export, RC4). This enables MITM attackers to downgrade or spoof TLS traffic. The issue is documented in FG-IR-15-021 and related CVE...
CVE-2015-3626
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname...
Fortinet FortiGate FortiOS Security Bypass Vulnerability
FortiOS, which runs on Fortinet FortiGate, is a security operating system developed by the American company Fortinet for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security feature...
Fortinet FortiOS Security Bypass Vulnerability
Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. A security bypas...
Fortinet FortiOS HTML Injection Vulnerability (CNVD-2015-05052)
Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. An HTML injectio...
FortiOS supports weak cipher suites when connecting to FortiGuard servers
...
Fortinet FortiOS Detection (HTTP)
HTTP based detection of Fortinet devices running FortiOS. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-1880
Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-8616
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus...
CVE-2015-1880
Fortinet FortiOS 5.2.x prior to 5.2.3 is vulnerable to a cross-site scripting (XSS) flaw in the sslvpn login page. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, with exploitation potentially enabling code execution in the victim’s browser and re...