649 matches found
FortiWLC XSS injection via crafted HTTP POST request
The FortiWLC admin webUI is affected by XSS vulnerabilities, potentially exploitable by an authenticated user, via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. A successful attack would involve getting a targeted victim with an open session on the WebUI t...
FortiManager TLS certificate validation failure
FortiManager does not properly validate TLS certificates when probing for devices to administer. This leads to potential pre-shared secret exposure...
FortiWLC Undocumented Hardcoded core Account
FortiWLC comes with a hardcoded account named 'core' which is used by Meru Access Points to send core dumps to the FortiWLC and has read/write privileges over various parts of the system...
FortiExtender - multiple command injection vulnerabilities in webserver
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the webserver of FortiExtender may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters...
FortiNAC - Multiple reflected cross-site scripting vulnerabilities in portal UI
Multiple improper neutralization of input during web page generation 'Cross-site Scripting' vulnerabilities CWE-79 in FortiNAC portal UI may allow an attacker to perform an XSS attack via crafted HTTP requests...
FortiWLM - SQL Injection in script handlers
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiWLM may allow an unauthenticated user to taint database data and extract sensitive informations via crafted HTTP requests to alarm and device handlers...
FortiSDNConnector - Credential leak
An insufficiently protected credentials vulnerability CWE-522 in FortiSDNConnector may allow an authenticated user to obtain third party device credentials via visiting the configuration page in the WebUI...
Protect
FortiOS versions 6.2.4 and below...
XSS vulnerability in the Dashboard name parameter of FortiADC
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack XSS via the name parameter...
XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb
An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Disclaimer Description of a Replacement Message...
FortiWeb SNMPv3 user password viewable in HTML source code
The HTML source code of the FortiWeb SNMPv3 user edit webui page includes the user's password in cleartext...
FortiAnalyzer, FortiManager Open Redirect Vulnerability
The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect...
FortiManager and FortiAnalyzer Client Side XSS vulnerability
A client side XSS vulnerablity in FortiManager/FortiAnalyzer could allow malicious script being injected in the Web-UI; this potentially enables XSS attacks...
FortiWeb - Weak generation of WAF session IDs leads to session fixation
A condition for session fixation vulnerability CWE-384 in the session management of FortiWeb may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session...
Session ID does not expire after logout in FortiIsolator
An insufficient session expiration vulnerability in FortiIsolator may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
XSS vulnerability in the URL Description of URL filter
An improper neutralization of input vulnerability in the URL Description of FortiIsolator may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via a parameter of the request...
FortiSIEM - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack XSS by injecting malicious JavaScript code into the description field o...
Use of hardcoded credentials for communication between Meru access points and FortiWLC
FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had read/write privileges over various parts of the system. Starting with FortiWLC 7.0.13 and FortiWLC 8.4.0, the accounts are now completely removed and do not persist over firmwar...
FortiWeb's cookie tampering protection can be bypassed by erasing the FortiWeb session cookie
An improper access control vulnerability in FortiWeb's Signed Security mode may allow an attacker to disable the cookie tampering protection offered by FortiWeb to sites FortiWeb protects, via deleting FortiWeb's session cookie...
FortiOS XSS via srcintf during Firewall Policy Creation
An XSS vulnerability caused by the scrintf parameter input during Firewall Policy Creation can be exploited to load and run a remote malicious Javascript in a logged in browser...
XSS Vulnerability in FortiWeb Site Publisher
The Site Publisher functionality of FortiWeb has been found vulnerable to a Cross-Site Scripting vulnerability via an improperly sanitized parameter in a POST request...
FortiClient SSLVPN Linux - Arbitrary write to log file
The first launch of FortiClient SSLVPN Linux creates a log file without any prior check. By previously creating a symbolic or hard link with the name of the log file to any file in the filesystem, an attacker may smash the latter existing file. This is due to the fact that the first launch of...
DUHK Attack against Fortinet Products
When devices use ANSI X9.31 RNG which was removed from the list of FIPS-approved random number generation algorithms in January 2016 to generate cryptographic key under a static seed and under use with long-lived security tunnels like SSL/TLS/SSH/IPSec, such devices are vulnerable to the DUHK...
FortiSwitch rest_admin account exposed under specific conditions
During an upgrade to version 3.4.1, a FortiSwitch device may let an attacker log in the restadmin account without a password, if all the conditions below are met: The FortiSwitch device is in FortiLink managed mode not the default mode The FortiSwitch device does not have a management FortiGate, ...
Fortiweb path traversal vulnerability
A path traversal vulnerability allows an administrator account with read and write privileges to read arbitrary files using the autolearn feature...
FortiTester - Missing account lockout on telnet port
An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiTester Telnet port may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack...
FortiSOAR - OS Command Injection in Agent Password Field
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests...
FortiMail - Unsafe handling of CGI environment parameters in web server framework
An improper input validation CWE-20 vulnerability in the web server CGI facilities of FortiMail may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests...
FortiWeb - Stack-based buffer overflow due to type mismatch
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via SAML login using a crafted certificate...
Protect
A relative path traversal CWE-23 vulnerabiltiy in FortiOS and FortiProxy may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page...
FortiWeb - OS command injection
Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
FortiClientMac - Privilege escalation by abusing a Symlink following vulnerability
A UNIX symbolic link Symlink Following CWE-61 vulnerability in FortiClient for MacOS may allow a local and unprivileged user to overwrite privileged shell scripts executed during the installation phase via escalating their privileges to root...
FortiWLC - XSS vulnerability
An improper neutralization of input during web page generation in FortiWLC web interface may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a stored cross site scripting attack XSS via injecting malicious payloads in...
Potential XSS in "CSRF validation failure" page due to lack of referer sanitization
On FortiAuthenticator, a HTML page is returned to the user when the CSRF validation fails on referer mismatch. This page displays the faulty referer without sanitizing it. Therefore, in an attack scenario where the referer could be manipulated, the attacker could inject malicious scripts in the...
Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI
...
FortiWLC - Improper authenticated access control
An improper access control vulnerability CWE-284 in FortiWLC may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions...
FortiMail - Insecure PRNG in password and token generation scheme of IBE authentication
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of FortiMail Identity Based Encryption service may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials...
FortiWAN - OS command injection leads to privilege escalation
An OS command injection CWE-78 vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command...
XSS vulnerability in the Description Area of the Admin Profile
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Description Area...
Protect
Makers of popular WiFi hacking tool hashcat have discovered a way to improve password brute-forcing of the WPA/WPA2 wifi network security standards. By leveraging the PMKID served by access points in WPA/WPA2 enabled WiFi networks, attackers gain knowledge of a pre-shared key hash, which can be...
FortiAnalyzer and FortiManager stored XSS vulnerability in report filters
A cross-site-scripting vulnerablity in FortiAnalyzer/FortiManager in advanced settings page could allow an administrator to inject scripts in the add filter field...
FortiWLC Undocumented Hardcoded Rsync Account
FortiWLC runs a rsyncd server, historically used for High-Availability purpose. This server comes with a hardcoded account, which has read/write privileges over various parts of the system...
Potential Cross Site Scripting Vulnerability in FortiDB
...
FortiWLM - stored cross-site scripting in hotspot profile controller
An improper neutralization of input during web page generation vulnerability 'Cross-site Scripting' CWE-79 in FortiWLM may allow an authenticated attacker to perform a stored cross site scripting attack XSS via storing malicious payloads and trigger the attack on victim's client via various...
FortiSandbox, FortiWeb, FortiADC, FortiMail - Multiple cryptographic flaws allow for full LDAP and RADIUS passwords compromise
A missing cryptographic steps vulnerability CWE-325 in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox, FortiWeb, FortiADC, and FortiMail may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.Â...
FortiMail - Improper use of cryptographic primitives in IBE KeyStore
Missing cryptographic steps in FortiMail IBE may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext...
Multiple Vulnerabilities in FortiManager
...
FortiOS CAPWAP server two vulnerabilities
...
FortiSOAR - HTML Injection Vulnerabilities
Improper neutralization of input during web page generation CWE-79 in FortiSOAR may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR...
FortiWLC - Improper access control
An improper access control CWE-284 vulnerability in FortiWLC may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by just specifying the correct URL. The vulnerability applies only to limited CGI resources and might allow the...