649 matches found
FortiOS stored XSS vulnerability in the policy global-label parameter
FortiOS is subject to a Cross-Site Scripting vulnerability, due to an improperly sanitized parameter in a hidden CLI configuration setting named 'global-label' . This can however only be exploited by an administrator with write privileges...
Multiple XSS vulnerabilities in FortiSandbox WebUI
...
FortiNAC - Report disclosure to unauthenticated users
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiNAC may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...
FortiWeb and FortiRecorder - Arbitrary file read through command line pipe
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiRecorder and FortiWeb may allow an authenticated user to read arbitrary files via specially crafted command arguments...
FortiAuthenticator, FortiDeceptor & FortiMail - Improper restriction over excessive authentication attempts
An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiAuthenticator, FortiDeceptor & FortiMail may allow a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form...
FortiPortal - Device password exposure in audit log
An insertion of sensitive information into log file vulnerability CWE-532 in the FortiPortal management interface may allow a remote authenticated attacker to read other devices' passwords in the audit log page...
FortiWeb - OS command injection due to direct input interpolation in API controllers
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb may allow an authenticated attacker to execute arbitrary code or commands via crafted HTTP requests to ApplicationDelivery, JsonProtection and WebProtection controllers...
FortiWeb - Open redirect in redir handler due to direct input interpolation
An URL redirection to untrusted site 'Open Redirect' CWE-601 vulnerability in FortiWeb may allow an authenticated attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...
FortiClient (Windows) - Privilege escalation vulnerability
An improper authorization vulnerability CWE-285 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...
FortiWebManager - Injection vulnerabilities
An improper neutralization of input vulnerability CWE-79 in FortiWebManager may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device...
FortiAP - OS command Injection through kdbg CLI command
An instance of improper neutralization of special elements used in an OS Command found in FortiAP's console may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...
XSS vulnerability in FortiWeb
...
FortiClient privilege escalation vulnerability
A low privileged user may be able to execute arbitrary code by exploiting a FortiClientNamedPipe vulnerability...
FortiOS XSS vulnerabilities via User Groups & Config Revision Comments
Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote malicious Javascript in a logged in browser...
FortiWLC-SD Privilege escalation vulnerability using copy running-config
The lack of input sanitisation for CLI command 'copy running-config' allows a user with 'admin' or 'superuser' privilege level to gain shell on the FortiWLC-SD with root privilege...
FortiOS Local Admin Password Hash Leak Vulnerability
A read-only administrator may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API , and may therefore be able to crack them...
FortiManager and FortiAnalyzer XSS vulnerability
A vulnerablity in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input field; this potentially enables XSS attacks...
FortiWeb CSRF Vulnerability
A CSRF vulnerability could allow attackers to change admin password with crafted forms...
Protect
A use after free vulnerability CWE-416 in FortiOS & FortiProxy may allow an unauthenticated remote attacker to crash the Web Proxy process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection...
FortiClient (Mac) - update functionality may lead to privilege escalation vulnerability
A download of code without Integrity check vulnerability CWE-494 in FortiClientMac may allow a local attacker to escalate their privileges via modifying the installer upon upgrade...
FortiNAC : Wrong use of cryptographic primitives
A wrong use of cryptographic primitives vulnerability CWE-310 may allow an attacker to compromise FortiNAC's confidentiality and integrity via deciphering some traffic and/or forging specific packets...
FortiManager & FortiAnalyzer - Inter ADOM information leakage
An improper access control vulnerability CWE-284 in FortiManager and FortiAnalyzer management interface may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information...
FortiClientEMS - Sensitive information leak
A missing encryption of sensitive data vulnerability CWE-311 in FortiClientEMS may allow an authenticated attacker to view sensitive information in clear text via any browser development tools...
FortiPortal - XSS vulnerability
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiPortal GUI may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid...
FortiPortal - Reflected cross-site scripting due to wrong sanitization context
Multiple improper neutralization of input during web page generation vulnerabilities CWE-79 in both the customer and provider interfaces of FortiPortal may allow an attacker to perform reflected Cross-site scripting attacks via specially crafted HTTP request parameters...
FortiPortal - Use of a predictable salt and digest-based algorithm for password hashing
A use of one-way hash with a predictable salt CWE-760 vulnerability in the password storing mechanism of FortiPortal may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables...
FortiPortal - Pervasive SQL injections
Multiple improper neutralization of special elements used in an SQL command vulnerabilities CWE-89 in FortiPortal may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests...
FortiSandbox - Multiple heap corruption vulnerabilities in command shell
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments...
Privilege Escalation observed in FortiNAC by exploiting the SUDO privileges
A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root by abusing the sudo privileges...
Improper Authorization vulnerability in FortiADC
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system...
XSS vulnerability in FortiNAC admin webUI search field
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" in FortiNAC admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI...
Uninitialized memory buffer leak in FortiOS explicit web proxy
An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...
FortiWebManager 5.8.0 improperly handles admin login access
FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string...
Potential Cross Site Scripting Vulnerability in FortiWeb
...
FortiADC & FortiDDoS & FortiDDoS-F - Command injection in log & report module
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC, FortiDDoS and FortiDDoS-F may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiAnalyzer, FortiManager - bypass of client-side password change policy enforcement
An improper handling of insufficient permissions or privileges vulnerability CWE-280 in FortiAnalyzer and FortiManager may allow an authenticated attacker to bypass the device policy and force the password-change action for its user...
FortiWeb - Reflected cross-site scripting in error controllers
Multiple improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 in FortiWeb may allow an unauthenticated user to inject malicious javascript code into the response webpage via crafted requests to device's error handlers...
FortiWeb - Stack-based buffer overflows in API controllers
Multiple stack-based buffer overflows CWE-121 in the API controllers of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...
FortiWeb - Reflected cross-site scripting vulnerability in login handler
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiWeb may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the login webpage...
FortiWLM - SQL Injection in script handlers
An improper neutralization of special elements CWE-79 used in an SQL command vulnerability 'SQL Injection' CWE-89 in FortiWLM may allow an authenticated attacker to disclose sensitive information via crafted HTTP requests to various controllers...
FortiManager - Excel formula injection in P&O IPv4 Policy names Vulnerability
An improper neutralization of formula elements vulnerability CWE 1236 in FortiManager may allow a local authenticated privileged attacker to execute arbitrary shell code on the end-user's host via inserting CSV formula in the policy names. This is achieved once the user downloads and opens the...
FortiSandbox - Multiple path traversals
Improper limitation of a pathname to a restricted directory CWE-22 vulnerabilities in FortiSandbox may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.c...
FortiSandbox - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...
FortiPortal - Path traversal in controller
A protection mechanism failure vulnerability CWE-693 resulting in improperly limiting pathname to a restricted directory in FortiPortal may allow an authenticated attacker to perform a path traversal attack via maliciously crafted GET parameters...
FortiManager and FortiAnalyzer - Multiple reflected XSS
Multiple improper neutralization of input during web page generation CWE-79 in FortiManager and FortiAnalyzer user interface may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack XSS by injecting malicious payload in GET parameters...
Privilege escalation vulnerability in FortiClient for Linux
...
Protect
...
Authorizations Bypass in the FortiPresence portal parameters
Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters...
FortiOS SSL VPN webportal user credentials present in plain text in client side javascript file
An information disclosure vulnerability exists in the SSL-VPN web portal of FortiOS: when pages bookmarked in the web portal use the Single sign-on SSO feature, the user's webportal's login and password are included in a javascript file sent client-side. The leaked credential may potentially be...
FortiWeb Stored XSS vulnerability on webUI certificate view page
There exists a persistent Cross-site Scripting XSS vulnerability on FortiWeb's webUI Certificate View page, which can be triggered via malicious certificate import...