18 matches found
Fortinet Fortigate Improper authorization over static files (FG-IR-25-684)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-684 advisory. - An improper authorization vulnerability CWE-285 in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet...
EUVD-2017-16364
Malware in sbrugna...
CVE-2020-29010
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and below may allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensiti...
Fortinet Fortigate Disclosure of other VDOMs information through CLI commands (FG-IR-20-243)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-243 advisory. - An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2....
CVE-2022-45857
An incorrect user management vulnerability CWE-286 in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...
CVE-2022-23442
An improper access control vulnerability CWE-284 in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands...
CVE-2022-23442
An improper access control vulnerability CWE-284 in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands...
CVE-2021-41032
An improper access control vulnerability CWE-284 in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...
CVE-2021-41032
An improper access control vulnerability CWE-284 in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...
Improper access control
An improper access control vulnerability CWE-284 in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...
Protect
An improper access control vulnerability CWE-284 in FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...
Unspecified Vulnerability in FortiManager
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...
CVE-2021-26107
An improper access control vulnerability CWE-284 in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...
CVE-2021-26107
An improper access control vulnerability CWE-284 in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...
CVE-2021-26107
An improper access control vulnerability CWE-284 in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...
Fortinet FortiOS < 6.0.11 / 6.2 < 6.2.5 / 6.4 < 6.4.2 Information Disclosure (FG-IR-20-103)
The remote host is running a version of FortiOS prior to 6.0.11, 6.2.x prior to 6.2.5, or 6.4.x prior to 6.4.2. It is, therefore, affected by an information disclosure vulnerability. A remote, authenticated attacker can exploit this, by executing 'get vpn ssl monitor', in order to read the SSL VP...
Vulnerability fixed in FortiGate
A remotely authenticated malicious person is able to view the log entries of SSL VPN events from users in other VDOMs by executing "get vpn ssl monitor" from the command line. The sensitive data includes usernames, user groups and IP addresses. FortiGuard has made updates available to fix the...
Information disclosure
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment to read the interface settings of vdoms unrelated to the assigned adom...