146 matches found
Fortinet Fortigate xss (FG-IR-23-471)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-471 advisory. - An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS versi...
Fortinet Fortigate Weak key derivation for backup file (FG-IR-23-423)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-423 advisory. - A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and...
PT-2024-19670 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3 and all versions prior to 7.0.8 FortiWeb versions 7.2.4 and below FortiWeb version 7.4.0 Description: The issue allows an authenticated attacker to read password hashes of other administrators via CLI commands. This is d...
CVE-2023-34284
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2023-48784
A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...
Fortinet FortiOS 格式化字符串错误漏洞
Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform from the American company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam security features. The Fortinet FortiOS is...
CVE-2024-23897
A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the "@" character followed by a file path in an argument with the file’s contents expandAtFiles...
PT-2023-8025 · Fortinet · Fortiswitch +4
Name of the Vulnerable Software and Affected Versions: FortiVoiceEnterprise versions 6.0.x through 6.4.x FortiSwitch versions 6.0.x through 7.0.4 FortiMail versions 6.0.x through 7.0.3 FortiRecorder versions 2.6.x through 6.4.2 FortiNDR version 1.x.x Description: A cross-site request forgery CSRF...
PT-2023-7306 · Zyxel · Zyxel Nwa50Ax +8
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 4.32 through 5.37 Zyxel USG FLEX series versions 4.50 through 5.37 Zyxel USG FLEX 50W series versions 4.16 through 5.37 Zyxel USG20W-VPN series versions 4.16 through 5.37 Zyxel VPN series versions 4.30 through 5.37...
CVE-2023-43072
Dell SmartFabric Storage Software v1.4 and earlier contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands...
CVE-2023-34039
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI...
While trying to gather logs the file shows "Could not process the file. File size is too large".
- While trying to reach the logs via the ADC GUI it says "Could not process the file. File size is too large " - The file is not that large less than 1-5 MB and can be observed via CLI or extracted via SFTP. - Only fails via GUI...
CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
Authentication flaw
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2022-26119
Affected software : Fortinet FortiSIEM versions prior to 6.5.0. Vulnerability : Improper authentication allowing a local attacker with CLI access to perform operations on the Glassfish server via a hardcoded password. The root cause is hardcoded/default credentials used when connecting to Glassfi...
FortiSIEM - Glassfish local credentials stored in plain text
An improper authentification vulnerability CWE-287 in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2022-22248
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...
CVE-2022-22248 Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...
CVE-2022-23442
An improper access control vulnerability CWE-284 in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands...