Lucene search
K
FortinetMost viewed

649 matches found

Fortinet
Fortinet
added 2021/09/07 12:0 a.m.33 views

FortiManager - Excel formula injection in P&O IPv4 Policy names Vulnerability

An improper neutralization of formula elements vulnerability CWE 1236 in FortiManager may allow a local authenticated privileged attacker to execute arbitrary shell code on the end-user's host via inserting CSV formula in the policy names. This is achieved once the user downloads and opens the...

9.3CVSS6.5AI score0.00488EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.33 views

FortiSandbox - Multiple path traversals

Improper limitation of a pathname to a restricted directory CWE-22 vulnerabilities in FortiSandbox may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.c...

4CVSS6.2AI score0.00903EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.33 views

FortiSandbox - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...

4.3CVSS6.2AI score0.00614EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.33 views

FortiSandbox - SQL Injection vulnerabilities

Instances of SQL Injection vulnerabilities in FortiSandbox's checksum search and MTA-quarantine modules may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests...

6.5CVSS9.3AI score0.00976EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/10/19 12:0 a.m.33 views

Privilege escalation vulnerability in FortiClient for Linux

...

6.5AI score0.00227EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/09/24 12:0 a.m.33 views

Protect

...

6.6AI score0.00862EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/03/09 12:0 a.m.33 views

Authorizations Bypass in the FortiPresence portal parameters

Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters...

4CVSS6.2AI score0.00594EPSS
Exploits0
Fortinet
Fortinet
added 2018/06/22 12:0 a.m.33 views

FortiOS SSL VPN webportal user credentials present in plain text in client side javascript file

An information disclosure vulnerability exists in the SSL-VPN web portal of FortiOS: when pages bookmarked in the web portal use the Single sign-on SSO feature, the user's webportal's login and password are included in a javascript file sent client-side. The leaked credential may potentially be...

4.3CVSS0.3AI score0.02149EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/11/17 12:0 a.m.33 views

FortiWeb Stored XSS vulnerability on webUI certificate view page

There exists a persistent Cross-site Scripting XSS vulnerability on FortiWeb's webUI Certificate View page, which can be triggered via malicious certificate import...

3.5CVSS2.9AI score0.00331EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2016/07/14 12:0 a.m.33 views

FortiManager and FortiAnalyzer Persistent XSS vulnerability

When a low privileged user uploads images in the report section, the filenames are not properly sanitized; this potentially enables stored XSS attacks...

3.5CVSS4.5AI score0.00992EPSS
Exploits0
Fortinet
Fortinet
added 2014/04/03 12:0 a.m.33 views

FortiADC Cross-Site Scripting Vulnerability

...

4.3CVSS6.4AI score0.0188EPSS
Exploits2
Fortinet
Fortinet
added 2013/12/13 12:0 a.m.33 views

FortiAuthenticator Privilege Escalation Vulnerability

...

9CVSS6.4AI score0.01091EPSS
Exploits2
Fortinet
Fortinet
added 2023/05/03 12:0 a.m.32 views

FortiNAC - open redirect in defaultUrl parameter

A URL redirection to untrusted site 'Open Redirect' vulnerability CWE-601 in FortiNAC may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL...

4.3CVSS5.4AI score0.00422EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2022/02/01 12:0 a.m.32 views

FortiWeb - OS command injection due to unsafe input validation function

An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWeb may allow authenticated users to execute unauthorized code or commands via crafted HTTP GET requests to WAD configuration handlers...

9CVSS8.5AI score0.03323EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2022/02/01 12:0 a.m.32 views

FortiWeb - Stack-based buffer overflow in command line interpreter

Multiple stack-based buffer overflows CWE-121 in the command line interpreter of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands...

6.5CVSS7.4AI score0.00816EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.32 views

FortiAuthenticator - "Mandatory password and OTP" setting not enforcing OTP on unimported remote users

An incorrect implementation of authentication algorithm vulnerability CWE-303 in FortiAuthenticator may allow an user whose LDAP account is unimported to bypass the second factor of authentication via a RADIUS login portal...

5.5CVSS7.9AI score0.00565EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/11/02 12:0 a.m.32 views

FortiManager - ADOMs script information leaked in FortiGate CLI

An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiManager may allow a FortiGate user to see scripts from other ADOMS...

2.1CVSS4.5AI score0.00218EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/10/05 12:0 a.m.32 views

FortiClientEMS - Directory Traversal vulnerability

A path traversal vulnerability CWE-22 in FortiClientEMS may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...

5.5CVSS5.6AI score0.01109EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.32 views

FortiManager & FortiAnalyzer - HTTP response splitting vulnerability

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability In FortiManager and FortiAnalyzer GUI may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of...

4CVSS5.2AI score0.00773EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2021/07/07 12:0 a.m.32 views

FortiMail - Memory leak in Webmail

A missing release of memory after its effective lifetime vulnerability CWE-401 in FortiMail Webmail may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests...

5CVSS7.4AI score0.01328EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/03/02 12:0 a.m.32 views

Potential sensitive information can be displayed in cleartext in FortiProxy CLI window

...

4CVSS6.3AI score0.00569EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/09/23 12:0 a.m.32 views

XSS vulnerability in the UserID of Admin Users in FortiNAC

...

4.3CVSS6.3AI score0.01154EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/09/21 12:0 a.m.32 views

HTML Injection Vulnerability observed in FortiAnalyzer and FortiTester

...

3.5CVSS5.7AI score0.00851EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2020/03/12 12:0 a.m.32 views

FortiSIEM is vulnerable to a CSRF attack

A Cross-Site Request Forgery CSRF vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link...

6.8CVSS6.1AI score0.00563EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/03/09 12:0 a.m.32 views

XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb

An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Disclaimer Description of a Replacement Message...

3.5CVSS3.3AI score0.00803EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2019/04/03 12:0 a.m.32 views

FortiSandbox reflected XSS in the file scan component

A reflected Cross-Site-Scripting XSS vulnerability in Fortinet FortiSandbox may allow an attacker to execute unauthorized code or commands via the backurl parameter in the file scan component...

4.3CVSS4AI score0.00923EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/10/13 12:0 a.m.32 views

FortiWLC XSS injection via crafted HTTP POST request

The FortiWLC admin webUI is affected by XSS vulnerabilities, potentially exploitable by an authenticated user, via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. A successful attack would involve getting a targeted victim with an open session on the WebUI t...

3.5CVSS5.2AI score0.00538EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2023/06/12 12:0 a.m.31 views

FortiSIEM - Use of a Broken or Risky Cryptographic Algorithm

A use of a broken or risky cryptographic algorithm CWE-327 in FortiSIEM may allow a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

5CVSS7AI score0.00359EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2023/04/11 12:0 a.m.31 views

FortiWeb - XSS vulnerability in HTML generated attack report files

An improper neutralization of input during web page generation CWE-79 in the FortiWeb web interface may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack XSS via injecting malicious payload in log entries used to build report...

5.8CVSS6AI score0.00642EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2023/04/11 12:0 a.m.31 views

FortiSandbox - SQL injection in certificate downloading feature

An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiSandbox may allow a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request...

4CVSS6.5AI score0.00628EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.31 views

Meru AP - Unrestricted execution of OS commands as root

An improper sanitization of commands elements OS Command Injection vulnerability CWE-78 in Meru AP may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted commands in Meru AP's CLI...

7.2CVSS5.4AI score0.00264EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/11/02 12:0 a.m.31 views

FortiPortal - Uncontrolled memory allocation

A memory allocation with excessive size value vulnerability CWE-789 in the license verification function of FortiPortal may allow an attacker to perform a denial of service attack via specially crafted license blobs...

5CVSS7.1AI score0.00756EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/10/05 12:0 a.m.31 views

FortiClientEMS - Session cookie does not expire after logout

An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...

7.5CVSS8.9AI score0.03841EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/09/07 12:0 a.m.31 views

FortiWeb - OS Command Injection because of missing input parameter sanitization

Multiple improper neutralization of special elements vulnerabilities CWE-89 used in a command in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...

6.5CVSS8.8AI score0.01919EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/07/07 12:0 a.m.31 views

FortiMail - Improper cryptographic operations in cookie encryption potentially prone to forgery

The combination of various cryptographic issues in the session management of FortiMail, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges...

6.5CVSS8.3AI score0.00692EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2019/01/11 12:0 a.m.31 views

FortiClient NDIS Miniport Driver Null Pointer Dereference

There is a Null pointer dereference in the NDIS Miniport drivers in FortiClient on Windows, which may be leveraged by an unprivileged user to cause a Denial of Service BSOD...

4.9CVSS4.9AI score0.00434EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2018/06/05 12:0 a.m.31 views

ISC BIND vulnerabilities

Multiple Denial of Service DoS or process crash vulnerabilities CVE-2018-5737, CVE-2018-5736 are affecting ISC BIND...

5CVSS2.6AI score0.17879EPSS
Exploits3
Fortinet
Fortinet
added 2017/10/24 12:0 a.m.31 views

FortiOS web GUI logindisclaimer redir parameter XSS vulnerability

A reflected XSS vulnerability exists in FortiOS web GUI "Login Disclaimer" redir parameter. It is potentially exploitable by a remote unauthenticated attacker, via sending a maliciously crafted URL to a victim who has an open session on the web GUI. Visiting that malicious URL may cause the...

4.3CVSS2.5AI score0.0128EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2015/07/24 12:0 a.m.31 views

FortiClient SSLVPN Linux client local privilege escalation vulnerability

...

7.2CVSS7.4AI score0.00374EPSS
Exploits0
Fortinet
Fortinet
added 2014/07/10 12:0 a.m.31 views

FortiWeb Cross-Site Scripting Vulnerabilities

...

4.3CVSS6.4AI score0.01161EPSS
Exploits0
Fortinet
Fortinet
added 2013/06/13 12:0 a.m.31 views

Improper Guest User Permission Management Issue in FortiGate

...

6.5CVSS1.8AI score0.01078EPSS
Exploits0
Fortinet
Fortinet
added 2023/02/16 12:0 a.m.30 views

FortiExtender - multiple command injection vulnerabilities in webserver

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the webserver of FortiExtender may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters...

5.8CVSS7.3AI score0.01474EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2023/02/16 12:0 a.m.30 views

FortiWeb - Weak generation of WAF session IDs leads to session fixation

A condition for session fixation vulnerability CWE-384 in the session management of FortiWeb may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session...

4.4AI score0.01465EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2022/02/01 12:0 a.m.30 views

FortiAuthenticator - Improper access control in HA service

An improper access control vulnerability CWE-284 in FortiAuthenticator HA service may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database...

3.3CVSS5.2AI score0.00301EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.30 views

Protect

An insufficient verification of data authenticity vulnerability CWE-345 in the user interface of FortiProxy and FortiGate SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery CSRF attack . Only SSL VPN in web mode or full mode are impacted by this...

5.1CVSS8.4AI score0.00422EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.30 views

FortiNAC - Privilege Escalation via exploiting the SUDO privileges.

A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root via the sudo command...

7.2CVSS4.5AI score0.00251EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/09/07 12:0 a.m.30 views

FortiSandbox - Session ID does not expire after logout

An insufficient session expiration vulnerability CWE-613 in FortiSandbox may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID via other, hypothetical attacks...

5CVSS5.5AI score0.0055EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.30 views

FortiManager & FortiAnalyzer - Improper validation of dispatcher socket parameters

A server-side request forgery SSRF CWE-918 vulnerability in FortiManager and FortiAnalyser GUI may allow a remote and authenticated attacker to access unauthorized  files and services on the system via specifically crafted web requests...

4CVSS6.3AI score0.00668EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2019/11/14 12:0 a.m.30 views

Protect

A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to superadmin, via restoring modified configurations...

9CVSS6.9AI score0.01728EPSS
Exploits0Affected Software2
Fortinet
Fortinet
added 2018/08/23 12:0 a.m.30 views

FortiWeb Recursive URL Decoding is not enabled by default

FortiWeb's "Recursive URL Decoding" feature can detect URL-based attacks among which XSS and SQL injection attempts even when the malicious URL is recursively encoded. However, this feature is not enabled by default in FortiWeb's system settings for FortiWeb version 6.0.0 and below...

3.1AI score
Exploits0Affected Software1
Total number of security vulnerabilities649