Lucene search
K

628 matches found

BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.8 views

The vulnerability of the CLI component of the FortiOS operating system for FortiGate network interfaces allows a hacker to disclose sensitive information.

The vulnerability of the CLI component of the FortiOS operating system and the FortiGate network interface devices is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

5CVSS5.4AI score0.00529EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/07/08 12:0 a.m.8 views

Fortinet Fortigate Heap-based buffer overflow in cw_stad daemon (FG-IR-25-026)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-026 advisory. - A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through...

6.7CVSS6.2AI score0.00211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/08 12:0 a.m.11 views

Fortinet Fortigate DNS type 65 resource record requests bypass DNS filter (FG-IR-24-053)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-053 advisory. - An Improperly Implemented Security Check for Standard vulnerability CWE-358 in FortiOS version 7.6.0, version 7.4.7 and...

5.3CVSS5.7AI score0.00342EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/08 12:0 a.m.16 views

Fortinet Fortigate PKI via API: Authentication granted with an invalid certificate (FG-IR-24-511)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-511 advisory. - A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0...

7.2CVSS5.7AI score0.00251EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/06/17 2:15 p.m.9 views

U.S. Dept Of Defense: Reflected XSS via user Parameter in /ssl-vpn/getconfig.esp

A reflected Cross-Site Scripting XSS vulnerability was discovered in the user parameter of the /ssl-vpn/getconfig.esp endpoint. This allowed an attacker to inject and execute arbitrary JavaScript in a user's browser. The vulnerability was found on a .mil domain associated with a VPN configuration...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.5 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security...

5.3CVSS6.7AI score0.00337EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/10 12:0 a.m.11 views

Fortinet Fortigate Privilege escalation in GUI websocket module (FG-IR-25-006)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-006 advisory. - An Improper Privilege Management vulnerability CWE-269 affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 throug...

7.2CVSS5.6AI score0.00712EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.5 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...

6.7CVSS6.5AI score0.00237EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/10 12:0 a.m.6 views

Fortinet Fortigate Information Disclosure on SSLVPN endpoint (FG-IR-24-257)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-257 advisory. - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 in FortiOS version 7.6.0, version 7.4.7...

4.3CVSS5.4AI score0.00457EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/10 12:0 a.m.10 views

Fortinet Fortigate Privilege escalation in automation-stitch (FG-IR-24-385)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-385 advisory. - AnAuthentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS and FortiProxymay allow an...

6.7CVSS5.6AI score0.00237EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/10 12:0 a.m.8 views

Fortinet Fortigate Insufficient Session Expiration in SSL-VPN cookie (FG-IR-24-339)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-339 advisory. - An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version...

4.8CVSS5.6AI score0.01076EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2025/06/10 12:0 a.m.6 views

Fortinet Fortigate SSH key is added even if operation is aborted (FG-IR-23-008)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-008 advisory. - An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2...

3.2CVSS5.6AI score0.00183EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/10 12:0 a.m.13 views

Fortinet Fortigate Weak authentication in security fabric daemon (FG-IR-24-058)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-058 advisory. - A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through...

5.9CVSS5.6AI score0.00374EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/10 12:0 a.m.11 views

Fortinet Fortigate Firewall session injection in FGSP (FG-IR-24-287)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-287 advisory. - An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 throug...

5.3CVSS5.6AI score0.00337EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/10 12:0 a.m.12 views

Fortinet Fortigate eap-cert-auth bypass via revoked certificate (FG-IR-24-544)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-544 advisory. - An Improper Certificate Validation vulnerability CWE-295 in FortiOS version 7.6.1 and below, version 7.4.7 and below may...

6.5CVSS5.6AI score0.00322EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.5 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An out-of-bounds read vulnerabili...

3.7CVSS6.7AI score0.00626EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:32 a.m.8 views

CVE-2024-31489

AAn improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...

8.1CVSS7AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.6 views

CVE-2022-42469

A permissive list of allowed inputs vulnerability CWE-183 in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal...

4.3CVSS6.6AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:18 a.m.11 views

CVE-2022-45857

An incorrect user management vulnerability CWE-286 in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...

7.5CVSS7AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:27 p.m.7 views

CVE-2022-22302

A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet privat...

5.3CVSS5.9AI score0.0029EPSS
Exploits0References1
Rows per page
Query Builder