Lucene search
K

37 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.25 views

Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication FortiToken if they change the case in their username...

9.8CVSS8.9AI score0.49344EPSS
In wildExploits0
BDU FSTEC
BDU FSTEC
added 2021/09/23 12:0 a.m.6 views

The vulnerability of the FortiOS operating system, related to deficiencies in authentication procedures, allows attackers to gain access to the system without requiring a second authentication factor.

The vulnerability of the FortiOS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain access to the system remotely, without requiring a second authentication factor FortiToken...

10CVSS8.1AI score0.49344EPSS
Exploits0References4Affected Software2
VulnCheck KEV
VulnCheck KEV
added 2021/04/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-12812

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication FortiToken if they change the case in their username...

9.8CVSS7.4AI score0.49344EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/10/02 12:0 a.m.152 views

Fortinet FortiOS < 6.0.10 / 6.2.x < 6.2.4 / 6.4.x < 6.4.1 Improper Authentication (FG-IR-19-283)

The remote host is running a version of FortiOS prior to 6.0.10, 6.2.x prior to 6.2.4, or 6.4.x prior to 6.4.1. It is, therefore, affected by an improper authentication vulnerability due to an issue with the 'username-case-sensitivity' CLI attribute for the SSL VPN. An unauthenticated, remote...

9.8CVSS8.7AI score0.49344EPSS
Exploits0References2
CNVD
CNVD
added 2020/08/05 12:0 a.m.2 views

Fortinet FortiOS SSL VPN Authorization Issues Vulnerability

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam, etc. SSL VPN is one of the virtual private netwo...

9.8CVSS9.3AI score0.49344EPSS
Exploits0References1
NVD
NVD
added 2020/07/24 11:15 p.m.27 views

CVE-2020-12812

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication FortiToken if they changed the case of their username...

9.8CVSS9.8AI score0.49344EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/07/24 10:28 p.m.29 views

CVE-2020-12812

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication FortiToken if they changed the case of their username...

9.7AI score0.49344EPSS
Exploits0References1
Fortinet
Fortinet
added 2020/07/13 12:0 a.m.98 views

Protect

An improper authentication vulnerability in SSL VPN in FortiOS may result in a user being able to log in successfully without being prompted for the second factor of authentication FortiToken if they changed the case of their username...

7.5CVSS8.9AI score0.49344EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2020/07/13 12:0 a.m.4 views

PT-2020-6439

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.0.0 through 6.0.9 FortiOS versions 6.2.0 through 6.2.3 FortiOS version 6.4.0 Description An improper authentication issue exists in the SSL VPN functionality of FortiOS. This allows attackers to bypass two-factor...

10CVSS10AI score0.49344EPSS
Exploits0References62
BDU FSTEC
BDU FSTEC
added 2018/10/31 12:0 a.m.5 views

The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.

The vulnerability in the FortiOS operating system’s web interface stems from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code during the activation of FortiToken using the “action” parameter...

6.1CVSS5.7AI score0.08112EPSS
Exploits5References4Affected Software1
OSV
OSV
added 2017/09/12 2:29 a.m.2 views

CVE-2017-3132

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...

6.1CVSS5.8AI score0.08112EPSS
Exploits5References4
Prion
Prion
added 2017/09/12 2:29 a.m.18 views

Cross site scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...

4.3CVSS6.1AI score0.08112EPSS
Exploits5References4Affected Software1
NVD
NVD
added 2017/09/12 2:29 a.m.16 views

CVE-2017-3132

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...

6.1CVSS6.2AI score0.08112EPSS
Exploits5References4
Cvelist
Cvelist
added 2017/09/12 2:0 a.m.28 views

CVE-2017-3132

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...

6.1AI score0.08112EPSS
Exploits5References4
Vulnrichment
Vulnrichment
added 2017/09/12 2:0 a.m.11 views

CVE-2017-3132

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...

6.9AI score0.08112EPSS
Exploits5References4
Fortinet
Fortinet
added 2017/07/28 12:0 a.m.42 views

FortiOS XSS vulnerabilities via FortiView Application filter, FortiToken activation & SSL VPN Replacement Messages

Three XSS vulnerabilities...

4.3CVSS2.7AI score0.10677EPSS
Exploits6Affected Software1
CNVD
CNVD
added 2015/02/03 12:0 a.m.6 views

Fortinet FortiAuthenticator Appliance Command Execution Vulnerability

Fortinet FortiAuthenticator is a family of secure authentication software from Fortinet that can be combined with FortiToken two-factor authentication token to provide secure two-factor authentication to third-party devices authenticated via RADIUS or LDAP. A command execution vulnerability exist...

4CVSS7.7AI score0.01434EPSS
Exploits0References1
Rows per page
Query Builder