628 matches found
The vulnerability of the CLI component of the FortiOS operating system for FortiGate network interfaces allows a hacker to disclose sensitive information.
The vulnerability of the CLI component of the FortiOS operating system and the FortiGate network interface devices is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
Fortinet Fortigate Heap-based buffer overflow in cw_stad daemon (FG-IR-25-026)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-026 advisory. - A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through...
Fortinet Fortigate DNS type 65 resource record requests bypass DNS filter (FG-IR-24-053)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-053 advisory. - An Improperly Implemented Security Check for Standard vulnerability CWE-358 in FortiOS version 7.6.0, version 7.4.7 and...
Fortinet Fortigate PKI via API: Authentication granted with an invalid certificate (FG-IR-24-511)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-511 advisory. - A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0...
U.S. Dept Of Defense: Reflected XSS via user Parameter in /ssl-vpn/getconfig.esp
A reflected Cross-Site Scripting XSS vulnerability was discovered in the user parameter of the /ssl-vpn/getconfig.esp endpoint. This allowed an attacker to inject and execute arbitrary JavaScript in a user's browser. The vulnerability was found on a .mil domain associated with a VPN configuration...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security...
Fortinet Fortigate Privilege escalation in GUI websocket module (FG-IR-25-006)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-006 advisory. - An Improper Privilege Management vulnerability CWE-269 affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 throug...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...
Fortinet Fortigate Information Disclosure on SSLVPN endpoint (FG-IR-24-257)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-257 advisory. - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 in FortiOS version 7.6.0, version 7.4.7...
Fortinet Fortigate Privilege escalation in automation-stitch (FG-IR-24-385)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-385 advisory. - AnAuthentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS and FortiProxymay allow an...
Fortinet Fortigate Insufficient Session Expiration in SSL-VPN cookie (FG-IR-24-339)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-339 advisory. - An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version...
Fortinet Fortigate SSH key is added even if operation is aborted (FG-IR-23-008)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-008 advisory. - An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2...
Fortinet Fortigate Weak authentication in security fabric daemon (FG-IR-24-058)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-058 advisory. - A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through...
Fortinet Fortigate Firewall session injection in FGSP (FG-IR-24-287)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-287 advisory. - An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 throug...
Fortinet Fortigate eap-cert-auth bypass via revoked certificate (FG-IR-24-544)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-544 advisory. - An Improper Certificate Validation vulnerability CWE-295 in FortiOS version 7.6.1 and below, version 7.4.7 and below may...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An out-of-bounds read vulnerabili...
CVE-2024-31489
AAn improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...
CVE-2022-42469
A permissive list of allowed inputs vulnerability CWE-183 in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal...
CVE-2022-45857
An incorrect user management vulnerability CWE-286 in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...
CVE-2022-22302
A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet privat...