Lucene search
K
FortinetMost viewed

649 matches found

Fortinet
Fortinet
added 2017/05/17 12:0 a.m.36 views

FortiOS stored XSS vulnerability in the policy global-label parameter

FortiOS is subject to a Cross-Site Scripting vulnerability, due to an improperly sanitized parameter in a hidden CLI configuration setting named 'global-label' . This can however only be exploited by an administrator with write privileges...

3.5CVSS1.1AI score0.00714EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2015/07/24 12:0 a.m.36 views

Multiple XSS vulnerabilities in FortiSandbox WebUI

...

4.3CVSS6.3AI score0.01535EPSS
Exploits1
Fortinet
Fortinet
added 2023/04/11 12:0 a.m.35 views

FortiNAC - Report disclosure to unauthenticated users

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiNAC may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...

5CVSS7.2AI score0.00593EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2023/03/07 12:0 a.m.35 views

FortiWeb and FortiRecorder - Arbitrary file read through command line pipe

An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiRecorder and FortiWeb may allow an authenticated user to read arbitrary files via specially crafted command arguments...

1.7CVSS5.7AI score0.00225EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2023/03/07 12:0 a.m.35 views

FortiAuthenticator, FortiDeceptor & FortiMail - Improper restriction over excessive authentication attempts

An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiAuthenticator, FortiDeceptor & FortiMail may allow a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form...

5CVSS5.9AI score0.01808EPSS
Exploits1Affected Software3
Fortinet
Fortinet
added 2023/02/16 12:0 a.m.35 views

FortiPortal - Device password exposure in audit log

An insertion of sensitive information into log file vulnerability CWE-532 in the FortiPortal management interface may allow a remote authenticated attacker to read other devices' passwords in the audit log page...

4CVSS6AI score0.00687EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2022/02/01 12:0 a.m.35 views

FortiWeb - OS command injection due to direct input interpolation in API controllers

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb may allow an authenticated attacker to execute arbitrary code or commands via crafted HTTP requests to ApplicationDelivery, JsonProtection and WebProtection controllers...

6.5CVSS9AI score0.01386EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.35 views

FortiWeb - Open redirect in redir handler due to direct input interpolation

An URL redirection to untrusted site 'Open Redirect' CWE-601 vulnerability in FortiWeb may allow an authenticated attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...

5.8CVSS4.2AI score0.0061EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/11/02 12:0 a.m.35 views

FortiClient (Windows) - Privilege escalation vulnerability

An improper authorization vulnerability CWE-285 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...

7.2CVSS7.2AI score0.00347EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/10/05 12:0 a.m.35 views

FortiWebManager - Injection vulnerabilities

An improper neutralization of input vulnerability CWE-79 in FortiWebManager may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device...

3.5CVSS5.3AI score0.0058EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/07/07 12:0 a.m.35 views

FortiAP - OS command Injection through kdbg CLI command

An instance of improper neutralization of special elements used in an OS Command found in FortiAP's console may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...

4.6CVSS7.7AI score0.00295EPSS
Exploits0Affected Software3
Fortinet
Fortinet
added 2021/02/03 12:0 a.m.35 views

XSS vulnerability in FortiWeb

...

4.3CVSS6.3AI score0.1052EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/10/31 12:0 a.m.35 views

FortiClient privilege escalation vulnerability

A low privileged user may be able to execute arbitrary code by exploiting a FortiClientNamedPipe vulnerability...

9CVSS3.5AI score0.01822EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/06/15 12:0 a.m.35 views

FortiOS XSS vulnerabilities via User Groups & Config Revision Comments

Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote malicious Javascript in a logged in browser...

3.5CVSS2.2AI score0.00787EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/04/12 12:0 a.m.35 views

FortiWLC-SD Privilege escalation vulnerability using copy running-config

The lack of input sanitisation for CLI command 'copy running-config' allows a user with 'admin' or 'superuser' privilege level to gain shell on the FortiWLC-SD with root privilege...

9CVSS4.5AI score0.0151EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2016/12/02 12:0 a.m.35 views

FortiOS Local Admin Password Hash Leak Vulnerability

A read-only administrator may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API , and may therefore be able to crack them...

4CVSS3.1AI score0.01539EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2016/08/09 12:0 a.m.35 views

FortiManager and FortiAnalyzer XSS vulnerability

A vulnerablity in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input field; this potentially enables XSS attacks...

4.3CVSS2.8AI score0.01009EPSS
Exploits0
Fortinet
Fortinet
added 2016/06/23 12:0 a.m.35 views

FortiWeb CSRF Vulnerability

A CSRF vulnerability could allow attackers to change admin password with crafted forms...

6.8CVSS4.2AI score0.00898EPSS
Exploits0
Fortinet
Fortinet
added 2023/10/10 12:0 a.m.34 views

Protect

A use after free vulnerability CWE-416 in FortiOS & FortiProxy may allow an unauthenticated remote attacker to crash the Web Proxy process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection...

5CVSS7.2AI score0.0102EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2023/04/11 12:0 a.m.34 views

FortiClient (Mac) - update functionality may lead to privilege escalation vulnerability

A download of code without Integrity check vulnerability CWE-494 in FortiClientMac may allow a local attacker to escalate their privileges via modifying the installer upon upgrade...

4.3CVSS7.3AI score0.00121EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2023/02/16 12:0 a.m.34 views

FortiNAC : Wrong use of cryptographic primitives

A wrong use of cryptographic primitives vulnerability CWE-310 may allow an attacker to compromise FortiNAC's confidentiality and integrity via deciphering some traffic and/or forging specific packets...

4CVSS7.2AI score0.00385EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2022/09/06 12:0 a.m.34 views

FortiManager & FortiAnalyzer - Inter ADOM information leakage

An improper access control vulnerability CWE-284 in FortiManager and FortiAnalyzer management interface may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information...

3.3CVSS4.8AI score0.0055EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.34 views

FortiClientEMS - Sensitive information leak

A missing encryption of sensitive data vulnerability CWE-311 in FortiClientEMS may allow an authenticated attacker to view sensitive information in clear text via any browser development tools...

4CVSS5.1AI score0.00392EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/11/02 12:0 a.m.34 views

FortiPortal - XSS vulnerability

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiPortal GUI may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid...

4.3CVSS6AI score0.00632EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/11/02 12:0 a.m.34 views

FortiPortal - Reflected cross-site scripting due to wrong sanitization context

Multiple improper neutralization of input during web page generation vulnerabilities CWE-79 in both the customer and provider interfaces of FortiPortal may allow an attacker to perform reflected Cross-site scripting attacks via specially crafted HTTP request parameters...

4.3CVSS6.3AI score0.00562EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.34 views

FortiPortal - Use of a predictable salt and digest-based algorithm for password hashing

A use of one-way hash with a predictable salt CWE-760 vulnerability in the password storing mechanism of FortiPortal may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables...

5CVSS7.4AI score0.00427EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.34 views

FortiPortal - Pervasive SQL injections

Multiple improper neutralization of special elements used in an SQL command vulnerabilities CWE-89 in FortiPortal may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests...

9CVSS9.4AI score0.01655EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.34 views

FortiSandbox - Multiple heap corruption vulnerabilities in command shell

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments...

6.5CVSS8.8AI score0.00768EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/05/05 12:0 a.m.34 views

Privilege Escalation observed in FortiNAC by exploiting the SUDO privileges

A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root by abusing the sudo privileges...

9CVSS7.1AI score0.0081EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/04/06 12:0 a.m.34 views

Improper Authorization vulnerability in FortiADC

An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system...

6.8CVSS5.3AI score0.01154EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2019/07/16 12:0 a.m.34 views

XSS vulnerability in FortiNAC admin webUI search field

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" in FortiNAC admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI...

4.3CVSS3.7AI score0.00705EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2018/11/22 12:0 a.m.34 views

Uninitialized memory buffer leak in FortiOS explicit web proxy

An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...

5CVSS0.3AI score0.02119EPSS
Exploits1Affected Software1
Fortinet
Fortinet
added 2017/11/22 12:0 a.m.34 views

FortiWebManager 5.8.0 improperly handles admin login access

FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string...

10CVSS2.8AI score0.0278EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2012/12/03 12:0 a.m.34 views

Potential Cross Site Scripting Vulnerability in FortiWeb

...

4.3CVSS2AI score0.00776EPSS
Exploits0
Fortinet
Fortinet
added 2023/04/11 12:0 a.m.33 views

FortiADC & FortiDDoS & FortiDDoS-F - Command injection in log & report module

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC, FortiDDoS and FortiDDoS-F may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

4.3CVSS7.7AI score0.0024EPSS
Exploits0Affected Software3
Fortinet
Fortinet
added 2022/03/01 12:0 a.m.33 views

FortiAnalyzer, FortiManager - bypass of client-side password change policy enforcement

An improper handling of insufficient permissions or privileges vulnerability CWE-280 in FortiAnalyzer and FortiManager may allow an authenticated attacker to bypass the device policy and force the password-change action for its user...

6.5CVSS8.3AI score0.00897EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.33 views

FortiWeb - Reflected cross-site scripting in error controllers

Multiple improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 in FortiWeb may allow an unauthenticated user to inject malicious javascript code into the response webpage via crafted requests to device's error handlers...

4.3CVSS6.5AI score0.00652EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.33 views

FortiWeb - Stack-based buffer overflows in API controllers

Multiple stack-based buffer overflows CWE-121 in the API controllers of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...

6.5CVSS8.9AI score0.01397EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.33 views

FortiWeb - Reflected cross-site scripting vulnerability in login handler

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiWeb may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the login webpage...

4.3CVSS0.9AI score0.00885EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/11/02 12:0 a.m.33 views

FortiWLM - SQL Injection in script handlers

An improper neutralization of special elements CWE-79 used in an SQL command vulnerability 'SQL Injection' CWE-89 in FortiWLM may allow an authenticated attacker to disclose sensitive information via crafted HTTP requests to various controllers...

4CVSS6.7AI score0.00967EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/09/07 12:0 a.m.33 views

FortiManager - Excel formula injection in P&O IPv4 Policy names Vulnerability

An improper neutralization of formula elements vulnerability CWE 1236 in FortiManager may allow a local authenticated privileged attacker to execute arbitrary shell code on the end-user's host via inserting CSV formula in the policy names. This is achieved once the user downloads and opens the...

9.3CVSS6.5AI score0.00488EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.33 views

FortiSandbox - Multiple path traversals

Improper limitation of a pathname to a restricted directory CWE-22 vulnerabilities in FortiSandbox may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.c...

4CVSS6.2AI score0.00903EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.33 views

FortiSandbox - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...

4.3CVSS6.2AI score0.00614EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.33 views

FortiPortal - Path traversal in controller

A protection mechanism failure vulnerability CWE-693 resulting in improperly limiting pathname to a restricted directory in FortiPortal may allow an authenticated attacker to perform a path traversal attack via maliciously crafted GET parameters...

4CVSS6.3AI score0.011EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.33 views

FortiManager and FortiAnalyzer - Multiple reflected XSS

Multiple improper neutralization of input during web page generation CWE-79 in FortiManager and FortiAnalyzer user interface may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack XSS by injecting malicious payload in GET parameters...

3.5CVSS5AI score0.00599EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2020/10/19 12:0 a.m.33 views

Privilege escalation vulnerability in FortiClient for Linux

...

6.5AI score0.00227EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/09/24 12:0 a.m.33 views

Protect

...

6.6AI score0.00862EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/03/09 12:0 a.m.33 views

Authorizations Bypass in the FortiPresence portal parameters

Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters...

4CVSS6.2AI score0.00594EPSS
Exploits0
Fortinet
Fortinet
added 2018/06/22 12:0 a.m.33 views

FortiOS SSL VPN webportal user credentials present in plain text in client side javascript file

An information disclosure vulnerability exists in the SSL-VPN web portal of FortiOS: when pages bookmarked in the web portal use the Single sign-on SSO feature, the user's webportal's login and password are included in a javascript file sent client-side. The leaked credential may potentially be...

4.3CVSS0.3AI score0.02149EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/11/17 12:0 a.m.33 views

FortiWeb Stored XSS vulnerability on webUI certificate view page

There exists a persistent Cross-site Scripting XSS vulnerability on FortiWeb's webUI Certificate View page, which can be triggered via malicious certificate import...

3.5CVSS2.9AI score0.00331EPSS
Exploits0Affected Software1
Total number of security vulnerabilities649