2767 matches found
CVE-2021-44171
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged command...
CVE-2022-29055
A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via a...
CVE-2022-40684
An authentication bypass using an alternate path or channel CWE-288 in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform...
CVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3,...
CVE-2024-46670
An Out-of-bounds Read vulnerability CWE-125 in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
Proof of Concept for CVE-2024-55591 Exploit This script is a...
Vulnerability fixed in FortiNet FortiOS and FortiProxy
FortiNet has fixed a vulnerability in FortiOS and FortiProxy. The vulnerability is in the node.js implementation of the management Web interface and allows a malicious person to bypass authentication to become super-admin on the vulnerable system without prior authentication or authorizations. Fo...
About Authentication Bypass – FortiOS (CVE-2024-55591) vulnerability
About Authentication Bypass - FortiOS CVE-2024-55591 vulnerability. A critical flaw allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected systems include Fortinet devices running FortiOS e.g., FortiGate NGFW and FortiProxy. On Januar...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
CVE-2024-55591 A Fortinet FortiOS Authentication Bypass Proof...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
CVE-2024-55591 PoC This repository contains an PoC Proof of...
Unspecified Vulnerability in Fortinet FortiOS (CNVD-2025-02529)
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS has a security...
Fortinet FortiOS Resource Management Error Vulnerability (CNVD-2025-03522)
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A resource management error...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
This is a PoC exploit for CVE-2024-55591, a vulnerability in For...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
CVE-2024-55591 A Fortinet FortiOS Authentication Bypass Vulner...
Vulnerabilities fixed in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy. The vulnerabilities include hard-coded cryptographic keys, improper processing of OS commands, and out-of-bounds write and read errors. Attackers can exploit these vulnerabilities to gain...
PT-2025-5627 · Fortinet · Fortiproxy +2
Name of the Vulnerable Software and Affected Versions: FortiOS affected versions not specified FortiProxy affected versions not specified Description: A weakness in the web-based management interfaces of Fortinet Fortigate firewall devices allows attackers to gain administrator access to the...
CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...
CVE-2024-54021
An Improper Neutralization of CRLF Sequences in HTTP Headers 'http response splitting' vulnerability CWE-113 in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers...
CVE-2024-54021
An Improper Neutralization of CRLF Sequences in HTTP Headers 'http response splitting' vulnerability CWE-113 in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers...
CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...