649 matches found
FortiManager - Excel formula injection in P&O IPv4 Policy names Vulnerability
An improper neutralization of formula elements vulnerability CWE 1236 in FortiManager may allow a local authenticated privileged attacker to execute arbitrary shell code on the end-user's host via inserting CSV formula in the policy names. This is achieved once the user downloads and opens the...
FortiSandbox - Multiple path traversals
Improper limitation of a pathname to a restricted directory CWE-22 vulnerabilities in FortiSandbox may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.c...
FortiSandbox - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...
FortiSandbox - SQL Injection vulnerabilities
Instances of SQL Injection vulnerabilities in FortiSandbox's checksum search and MTA-quarantine modules may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests...
Privilege escalation vulnerability in FortiClient for Linux
...
Protect
...
Authorizations Bypass in the FortiPresence portal parameters
Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters...
FortiOS SSL VPN webportal user credentials present in plain text in client side javascript file
An information disclosure vulnerability exists in the SSL-VPN web portal of FortiOS: when pages bookmarked in the web portal use the Single sign-on SSO feature, the user's webportal's login and password are included in a javascript file sent client-side. The leaked credential may potentially be...
FortiWeb Stored XSS vulnerability on webUI certificate view page
There exists a persistent Cross-site Scripting XSS vulnerability on FortiWeb's webUI Certificate View page, which can be triggered via malicious certificate import...
FortiManager and FortiAnalyzer Persistent XSS vulnerability
When a low privileged user uploads images in the report section, the filenames are not properly sanitized; this potentially enables stored XSS attacks...
FortiADC Cross-Site Scripting Vulnerability
...
FortiAuthenticator Privilege Escalation Vulnerability
...
FortiNAC - open redirect in defaultUrl parameter
A URL redirection to untrusted site 'Open Redirect' vulnerability CWE-601 in FortiNAC may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL...
FortiWeb - OS command injection due to unsafe input validation function
An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWeb may allow authenticated users to execute unauthorized code or commands via crafted HTTP GET requests to WAD configuration handlers...
FortiWeb - Stack-based buffer overflow in command line interpreter
Multiple stack-based buffer overflows CWE-121 in the command line interpreter of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands...
FortiAuthenticator - "Mandatory password and OTP" setting not enforcing OTP on unimported remote users
An incorrect implementation of authentication algorithm vulnerability CWE-303 in FortiAuthenticator may allow an user whose LDAP account is unimported to bypass the second factor of authentication via a RADIUS login portal...
FortiManager - ADOMs script information leaked in FortiGate CLI
An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiManager may allow a FortiGate user to see scripts from other ADOMS...
FortiClientEMS - Directory Traversal vulnerability
A path traversal vulnerability CWE-22 in FortiClientEMS may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...
FortiManager & FortiAnalyzer - HTTP response splitting vulnerability
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability In FortiManager and FortiAnalyzer GUI may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of...
FortiMail - Memory leak in Webmail
A missing release of memory after its effective lifetime vulnerability CWE-401 in FortiMail Webmail may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests...
Potential sensitive information can be displayed in cleartext in FortiProxy CLI window
...
XSS vulnerability in the UserID of Admin Users in FortiNAC
...
HTML Injection Vulnerability observed in FortiAnalyzer and FortiTester
...
FortiSIEM is vulnerable to a CSRF attack
A Cross-Site Request Forgery CSRF vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link...
XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb
An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Disclaimer Description of a Replacement Message...
FortiSandbox reflected XSS in the file scan component
A reflected Cross-Site-Scripting XSS vulnerability in Fortinet FortiSandbox may allow an attacker to execute unauthorized code or commands via the backurl parameter in the file scan component...
FortiWLC XSS injection via crafted HTTP POST request
The FortiWLC admin webUI is affected by XSS vulnerabilities, potentially exploitable by an authenticated user, via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. A successful attack would involve getting a targeted victim with an open session on the WebUI t...
FortiSIEM - Use of a Broken or Risky Cryptographic Algorithm
A use of a broken or risky cryptographic algorithm CWE-327 in FortiSIEM may allow a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...
FortiWeb - XSS vulnerability in HTML generated attack report files
An improper neutralization of input during web page generation CWE-79 in the FortiWeb web interface may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack XSS via injecting malicious payload in log entries used to build report...
FortiSandbox - SQL injection in certificate downloading feature
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiSandbox may allow a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request...
Meru AP - Unrestricted execution of OS commands as root
An improper sanitization of commands elements OS Command Injection vulnerability CWE-78 in Meru AP may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted commands in Meru AP's CLI...
FortiPortal - Uncontrolled memory allocation
A memory allocation with excessive size value vulnerability CWE-789 in the license verification function of FortiPortal may allow an attacker to perform a denial of service attack via specially crafted license blobs...
FortiClientEMS - Session cookie does not expire after logout
An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
FortiWeb - OS Command Injection because of missing input parameter sanitization
Multiple improper neutralization of special elements vulnerabilities CWE-89 used in a command in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
FortiMail - Improper cryptographic operations in cookie encryption potentially prone to forgery
The combination of various cryptographic issues in the session management of FortiMail, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges...
FortiClient NDIS Miniport Driver Null Pointer Dereference
There is a Null pointer dereference in the NDIS Miniport drivers in FortiClient on Windows, which may be leveraged by an unprivileged user to cause a Denial of Service BSOD...
ISC BIND vulnerabilities
Multiple Denial of Service DoS or process crash vulnerabilities CVE-2018-5737, CVE-2018-5736 are affecting ISC BIND...
FortiOS web GUI logindisclaimer redir parameter XSS vulnerability
A reflected XSS vulnerability exists in FortiOS web GUI "Login Disclaimer" redir parameter. It is potentially exploitable by a remote unauthenticated attacker, via sending a maliciously crafted URL to a victim who has an open session on the web GUI. Visiting that malicious URL may cause the...
FortiClient SSLVPN Linux client local privilege escalation vulnerability
...
FortiWeb Cross-Site Scripting Vulnerabilities
...
Improper Guest User Permission Management Issue in FortiGate
...
FortiExtender - multiple command injection vulnerabilities in webserver
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the webserver of FortiExtender may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters...
FortiWeb - Weak generation of WAF session IDs leads to session fixation
A condition for session fixation vulnerability CWE-384 in the session management of FortiWeb may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session...
FortiAuthenticator - Improper access control in HA service
An improper access control vulnerability CWE-284 in FortiAuthenticator HA service may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database...
Protect
An insufficient verification of data authenticity vulnerability CWE-345 in the user interface of FortiProxy and FortiGate SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery CSRF attack . Only SSL VPN in web mode or full mode are impacted by this...
FortiNAC - Privilege Escalation via exploiting the SUDO privileges.
A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root via the sudo command...
FortiSandbox - Session ID does not expire after logout
An insufficient session expiration vulnerability CWE-613 in FortiSandbox may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID via other, hypothetical attacks...
FortiManager & FortiAnalyzer - Improper validation of dispatcher socket parameters
A server-side request forgery SSRF CWE-918 vulnerability in FortiManager and FortiAnalyser GUI may allow a remote and authenticated attacker to access unauthorized  files and services on the system via specifically crafted web requests...
Protect
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to superadmin, via restoring modified configurations...
FortiWeb Recursive URL Decoding is not enabled by default
FortiWeb's "Recursive URL Decoding" feature can detect URL-based attacks among which XSS and SQL injection attempts even when the malicious URL is recursively encoded. However, this feature is not enabled by default in FortiWeb's system settings for FortiWeb version 6.0.0 and below...