Lucene search
K
FortinetMost viewed

649 matches found

Fortinet
Fortinet
added 2021/05/05 12:0 a.m.24 views

FortiNDR - OS command injection due to improper input sanitization

An improper input validation in FortiNDR v1.4.0 may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...

9CVSS8.4AI score0.0075EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/06/03 12:0 a.m.24 views

Unquoted Service Path Exploit observed in FortiSIEMWindowsAgent

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path...

7.5CVSS5.7AI score0.01545EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/05/25 12:0 a.m.24 views

FortiClient for Windows Insecure Temporary File vulnerability

An Insecure Temporary File CWE-377 vulnerability in FortiClient for Windows may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack...

4.6CVSS3.6AI score0.00506EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/04/04 12:0 a.m.24 views

Unauthenticated XSS (Cross Site Scripting) in FortiMail

An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...

4.3CVSS3.6AI score0.01106EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/02/09 12:0 a.m.24 views

Fortinet Connect admin able to gain root access

A webui administrator may create a new theme that performs arbitrary code execution on the system...

6.5CVSS4AI score0.0147EPSS
Exploits0
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.23 views

Protect

An improper access control vulnerability CWE-284 in FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted configuration of fabric automation CLI script and auto-script features...

4.6CVSS7.2AI score0.00247EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/11/02 12:0 a.m.23 views

FortiPortal - Denial of service vulnerabilities

Multiple uncontrolled resource consumption vulnerabilities CWE-400 in the web interface of FortiPortal may allow a single low-privileged user to induce a denial of service via multiple HTTP requests...

4CVSS6.4AI score0.00805EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.23 views

FortiPortal - Unrestricted file upload vulnerability

An unrestricted file upload vulnerability CWE-434 in the web interface of FortiPortal may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files...

5.5CVSS7.7AI score0.00734EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/05/05 12:0 a.m.23 views

XSS vulnerability in FortiProxy SSLVPN Portal

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS...

2.9AI score0.00403EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/03/09 12:0 a.m.23 views

XSS vulnerability in the Anomaly Detection Parameter Name

An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauthenticated attacker to perform a cross site scripting attack XSS via a parameter of the request...

4.3CVSS4.2AI score0.00998EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/01/15 12:0 a.m.23 views

FortiSIEM default SSH key for the "tunneluser" account is the same across all appliances

A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image...

4AI score0.00623EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/09/24 12:0 a.m.22 views

Protect

...

6.4AI score0.0077EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/05/25 12:0 a.m.22 views

XSS vulnerability in the URL of the FortiGateCloud Login Page

An improper neutralization of input vulnerability in the FortiGateCloud login page may allow a remote unauthenticated attacker to perform a reflected cross site scripting attack XSS via a specifically crafted login request...

3.4AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2014/10/21 12:0 a.m.22 views

FortiADC-E remote network access vulnerability

...

6.9AI score
Exploits0
Fortinet
Fortinet
added 2021/06/01 12:0 a.m.21 views

FortiWLC - Multiple Buffer Overflow vulnerabilities

Multiple instances of stack-based buffer overflow vulnerability CWE-121 in the command line interface of FortiWLC may allow a local, authenticated attacker to crash the access point being managed by the controller and potentially execute unauthorized code via a specifically crafted CLI command...

4.6AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2020/09/16 12:0 a.m.21 views

XSS vulnerability in FortiOS SSLVPN Portal

...

6.4AI score0.00403EPSS
Exploits0
Fortinet
Fortinet
added 2019/09/23 12:0 a.m.21 views

XSS vulnerability in FortiClientEMS

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...

4.4AI score0.00269EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2018/12/22 12:0 a.m.21 views

FortiClient local privilege escalation exploit chain

A researcher has disclosed several vulnerabilities against FortiClient for Windows, the combination of these vulnerabilities can turn into an exploit chain, which allows a user to gain system privileges on Microsoft Windows...

4.6CVSS2.9AI score0.00337EPSS
Exploits0
Fortinet
Fortinet
added 2013/05/13 12:0 a.m.21 views

Potential Man-In-The Middle Vulnerability in FortiClient VPN

...

6.9AI score
Exploits0
Fortinet
Fortinet
added 2021/02/24 12:0 a.m.20 views

XSS vulnerability in the Security Profiles comments section in FortiGate Cloud

An improper neutralization of input vulnerability in FortiGate Cloud may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the comments section of the Security Profiles...

3.4AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2019/07/24 12:0 a.m.20 views

Protect

FortiOS Explicit Web Proxy by default allows non-standard HTTP traffic.Â...

6.9AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/04/05 12:0 a.m.19 views

FortiClient SSLVPN Linux - Root privilege escalation with subproc

Fortinet is pleased to thank Grzegorz Wrobel of STMSolutions for reporting this vulnerability under responsible disclosure...

2.1AI score
Exploits0
Fortinet
Fortinet
added 2016/11/15 12:0 a.m.19 views

Blacknurse ICMP DoS attack

BlackNurse is a Denial of Service attack consisting in flooding the target with ICMP Type 3 Code 3 packets. The latter type of packets generally consumes more CPU to be processed than the "traditional" ICMP packets used in classical ping-flood attacks Type 8 Code 0. As such, Blacknurse aims at...

3.8AI score
Exploits0
Fortinet
Fortinet
added 2016/09/12 12:0 a.m.19 views

FortiClient Unencrypted Password Vulnerability

One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation could dump the credentials...

2.9AI score
Exploits0
Fortinet
Fortinet
added 2015/07/15 12:0 a.m.19 views

"POODLE has friends" vulnerability

...

6.9AI score
Exploits0
Fortinet
Fortinet
added 2012/10/25 12:0 a.m.19 views

Script Code Injection Vulnerability in FortiMail

...

1.9AI score
Exploits0
Fortinet
Fortinet
added 2022/02/01 12:0 a.m.18 views

FortiWeb - arbitrary file/directory deletion

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in FortiWeb management interface may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem...

8.5CVSS5.3AI score0.0113EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.18 views

FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd

Multiple vulnerabilities in the authentication mechanism of FortiWeb's confd, including an instance of concurrent execution using shared resource with improper synchronization CWE-362 and one of authentication bypass by capture-replay CWE-294, may allow a remote unauthenticated attacker to...

2.8AI score
Exploits0Affected Software2
Fortinet
Fortinet
added 2019/10/18 12:0 a.m.18 views

Protect

Multiple information exposure vulnerabilities in FortiOS may allow an unauthenticated attacker to perform some information gathering via parsing the HTTP headers, web portal certificate, and error messages. The exposed information includes the FortiGate's model, serial number and internal IP...

7AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2019/07/19 12:0 a.m.18 views

Protect

Certificates taken out of service could potentially be improperly re-used.Â...

6.8AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2018/04/03 12:0 a.m.18 views

BranchScope: New CPU Side-Channel Attack

A new side-channel attack that takes advantage of the speculative execution feature of modern processors to recover data from targeted users' CPUs has been disclosed It targets the "branch prediction" operations —which is the same part of a CPU speculative execution process as the one targeted ...

6.8AI score
Exploits0
Fortinet
Fortinet
added 2012/10/25 12:0 a.m.18 views

Cross Site Scripting Vulnerability in FortiWeb

...

1.7AI score
Exploits0
Fortinet
Fortinet
added 2012/05/04 12:0 a.m.18 views

Potential Policy Bypass in FortiWeb Web Application Firewall

...

2.5AI score
Exploits0
Fortinet
Fortinet
added 2020/03/11 12:0 a.m.17 views

XSS vulnerability in the FortiManager via the buffer parameter

An improper neutralization of input vulnerability in FortiManager GUI may allow an authenticated attacker to perform an XSS Cross Site Scripting attack via the buffer parameter...

3.9AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2018/08/27 12:0 a.m.17 views

VPNFilter botnet

On May 23, 2018, Talos disclosed in a blog post the discovery of a modular malware system they deemed "VPNFilter", affecting multiple network devices wordwide, and embedding Botnet capabilities...

1.6AI score
Exploits0
Fortinet
Fortinet
added 2018/08/24 12:0 a.m.17 views

Multiple Cross Site Scripting on FortiCloud Web Interface Login

Before August, 2018, parameters at /loginmgrlogin in forticloud.com were vulnerable to a Cross-Site-Scripting XSS attack...

2.9AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2016/03/16 12:0 a.m.17 views

FortiOS open redirect vulnerability

...

6.9AI score
Exploits0
Fortinet
Fortinet
added 2012/09/14 12:0 a.m.17 views

Potential Cross-Site Vulnerabilities in FortiGate

...

2.2AI score
Exploits0
Fortinet
Fortinet
added 2019/09/17 12:0 a.m.16 views

IPMI network LAN interface failover operational risk

Some models of FortiAnalyzer and FortiManager have a default setting of "Failover", for remote IPMI access; this means that if no cable is plugged in the IPMI port, the IPMI implementation will request an IP address on the regular LAN port of the device, via DHCP requests...

3.3AI score
Exploits0
Fortinet
Fortinet
added 2019/04/23 12:0 a.m.16 views

Multiple VPN applications insecurely store session cookies

The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if endpoint device has been compromised in such a way that the attacker has access to...

6.7AI score
Exploits0
Fortinet
Fortinet
added 2016/09/28 12:0 a.m.16 views

FortiDDoS Command Injection Vulnerability Announcement

A vulnerability in FortiDDoS allows escalation of privilege via remote OS injection through crafted URLs sent to the GUI. The user is required to be logged in for an exploit to work...

4AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2015/12/15 12:0 a.m.16 views

FireStorm vulnerability

...

6.9AI score
Exploits0
Fortinet
Fortinet
added 2018/08/24 12:0 a.m.15 views

Forgot password link doesn't expire after use

FortiCloud password reset link requested by the user takes one hour to expire even after password was changed successfully, thus allowing attackers to take over user's account if they somehow gain access to the reset link for the user's password...

2.8AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2016/08/09 12:0 a.m.15 views

FortiVoice 5.0 Filter Bypass & Persistent Web Vulnerabilities

A vulnerablity in FortiVoice 5.0 web-application could allow malicious script being injected in the affected module; this potentially enables XSS attacks...

4.2AI score
Exploits0
Fortinet
Fortinet
added 2016/08/09 12:0 a.m.14 views

FortiCloud Cross Site Script Persistent Web Vulnerabilities

Forticloud online service before May 3, 2016 was exposed to cross site scripting web vulnerabilities, which could allow malicious script being injected in the affected module; this potentially enables XSS attacks...

3.8AI score
Exploits0
Fortinet
Fortinet
added 2012/08/20 12:0 a.m.14 views

Potential Buffer Overflow During HTTP Session Authentication

...

2.5AI score
Exploits0
Fortinet
Fortinet
added 2015/04/16 12:0 a.m.13 views

FortiWeb multiple vulnerabilities

...

6.9AI score
Exploits0
Fortinet
Fortinet
added 2019/05/15 12:0 a.m.12 views

FortiCASB data pattern name XSS vulnerability

Failure to sanitize input in the customized data pattern webpage of FortiCASBÂ may allow an authenticated attacker to conduct a stored XSS attack via the name parameter...

6AI score
Exploits0Affected Software1
Fortinet
Fortinet
added 2017/12/08 12:0 a.m.11 views

FortiCloud XSS vulnerability in on-demand sandbox GUI

Before Dec 5th, 2017, a Cross-Site-Scripting XSS vulnerability in forticloud.com on-demand sandbox GUI may have allowed an authenticated user to inject arbitrary web code or HTML in the context of the victim's browser via the upload of a maliciously crafted file...

6.5AI score
Exploits0Affected Software1
Total number of security vulnerabilities649