649 matches found
FortiNDR - OS command injection due to improper input sanitization
An improper input validation in FortiNDR v1.4.0 may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...
Unquoted Service Path Exploit observed in FortiSIEMWindowsAgent
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path...
FortiClient for Windows Insecure Temporary File vulnerability
An Insecure Temporary File CWE-377 vulnerability in FortiClient for Windows may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack...
Unauthenticated XSS (Cross Site Scripting) in FortiMail
An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...
Fortinet Connect admin able to gain root access
A webui administrator may create a new theme that performs arbitrary code execution on the system...
Protect
An improper access control vulnerability CWE-284 in FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted configuration of fabric automation CLI script and auto-script features...
FortiPortal - Denial of service vulnerabilities
Multiple uncontrolled resource consumption vulnerabilities CWE-400 in the web interface of FortiPortal may allow a single low-privileged user to induce a denial of service via multiple HTTP requests...
FortiPortal - Unrestricted file upload vulnerability
An unrestricted file upload vulnerability CWE-434 in the web interface of FortiPortal may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files...
XSS vulnerability in FortiProxy SSLVPN Portal
An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS...
XSS vulnerability in the Anomaly Detection Parameter Name
An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauthenticated attacker to perform a cross site scripting attack XSS via a parameter of the request...
FortiSIEM default SSH key for the "tunneluser" account is the same across all appliances
A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image...
Protect
...
XSS vulnerability in the URL of the FortiGateCloud Login Page
An improper neutralization of input vulnerability in the FortiGateCloud login page may allow a remote unauthenticated attacker to perform a reflected cross site scripting attack XSS via a specifically crafted login request...
FortiADC-E remote network access vulnerability
...
FortiWLC - Multiple Buffer Overflow vulnerabilities
Multiple instances of stack-based buffer overflow vulnerability CWE-121 in the command line interface of FortiWLC may allow a local, authenticated attacker to crash the access point being managed by the controller and potentially execute unauthorized code via a specifically crafted CLI command...
XSS vulnerability in FortiOS SSLVPN Portal
...
XSS vulnerability in FortiClientEMS
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...
FortiClient local privilege escalation exploit chain
A researcher has disclosed several vulnerabilities against FortiClient for Windows, the combination of these vulnerabilities can turn into an exploit chain, which allows a user to gain system privileges on Microsoft Windows...
Potential Man-In-The Middle Vulnerability in FortiClient VPN
...
XSS vulnerability in the Security Profiles comments section in FortiGate Cloud
An improper neutralization of input vulnerability in FortiGate Cloud may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the comments section of the Security Profiles...
Protect
FortiOS Explicit Web Proxy by default allows non-standard HTTP traffic.Â...
FortiClient SSLVPN Linux - Root privilege escalation with subproc
Fortinet is pleased to thank Grzegorz Wrobel of STMSolutions for reporting this vulnerability under responsible disclosure...
Blacknurse ICMP DoS attack
BlackNurse is a Denial of Service attack consisting in flooding the target with ICMP Type 3 Code 3 packets. The latter type of packets generally consumes more CPU to be processed than the "traditional" ICMP packets used in classical ping-flood attacks Type 8 Code 0. As such, Blacknurse aims at...
FortiClient Unencrypted Password Vulnerability
One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation could dump the credentials...
"POODLE has friends" vulnerability
...
Script Code Injection Vulnerability in FortiMail
...
FortiWeb - arbitrary file/directory deletion
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in FortiWeb management interface may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem...
FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd
Multiple vulnerabilities in the authentication mechanism of FortiWeb's confd, including an instance of concurrent execution using shared resource with improper synchronization CWE-362 and one of authentication bypass by capture-replay CWE-294, may allow a remote unauthenticated attacker to...
Protect
Multiple information exposure vulnerabilities in FortiOS may allow an unauthenticated attacker to perform some information gathering via parsing the HTTP headers, web portal certificate, and error messages. The exposed information includes the FortiGate's model, serial number and internal IP...
Protect
Certificates taken out of service could potentially be improperly re-used.Â...
BranchScope: New CPU Side-Channel Attack
A new side-channel attack that takes advantage of the speculative execution feature of modern processors to recover data from targeted users' CPUs has been disclosed It targets the "branch prediction" operations —which is the same part of a CPU speculative execution process as the one targeted ...
Cross Site Scripting Vulnerability in FortiWeb
...
Potential Policy Bypass in FortiWeb Web Application Firewall
...
XSS vulnerability in the FortiManager via the buffer parameter
An improper neutralization of input vulnerability in FortiManager GUI may allow an authenticated attacker to perform an XSS Cross Site Scripting attack via the buffer parameter...
VPNFilter botnet
On May 23, 2018, Talos disclosed in a blog post the discovery of a modular malware system they deemed "VPNFilter", affecting multiple network devices wordwide, and embedding Botnet capabilities...
Multiple Cross Site Scripting on FortiCloud Web Interface Login
Before August, 2018, parameters at /loginmgrlogin in forticloud.com were vulnerable to a Cross-Site-Scripting XSS attack...
FortiOS open redirect vulnerability
...
Potential Cross-Site Vulnerabilities in FortiGate
...
IPMI network LAN interface failover operational risk
Some models of FortiAnalyzer and FortiManager have a default setting of "Failover", for remote IPMI access; this means that if no cable is plugged in the IPMI port, the IPMI implementation will request an IP address on the regular LAN port of the device, via DHCP requests...
Multiple VPN applications insecurely store session cookies
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if endpoint device has been compromised in such a way that the attacker has access to...
FortiDDoS Command Injection Vulnerability Announcement
A vulnerability in FortiDDoS allows escalation of privilege via remote OS injection through crafted URLs sent to the GUI. The user is required to be logged in for an exploit to work...
FireStorm vulnerability
...
Forgot password link doesn't expire after use
FortiCloud password reset link requested by the user takes one hour to expire even after password was changed successfully, thus allowing attackers to take over user's account if they somehow gain access to the reset link for the user's password...
FortiVoice 5.0 Filter Bypass & Persistent Web Vulnerabilities
A vulnerablity in FortiVoice 5.0 web-application could allow malicious script being injected in the affected module; this potentially enables XSS attacks...
FortiCloud Cross Site Script Persistent Web Vulnerabilities
Forticloud online service before May 3, 2016 was exposed to cross site scripting web vulnerabilities, which could allow malicious script being injected in the affected module; this potentially enables XSS attacks...
Potential Buffer Overflow During HTTP Session Authentication
...
FortiWeb multiple vulnerabilities
...
FortiCASB data pattern name XSS vulnerability
Failure to sanitize input in the customized data pattern webpage of FortiCASBÂ may allow an authenticated attacker to conduct a stored XSS attack via the name parameter...
FortiCloud XSS vulnerability in on-demand sandbox GUI
Before Dec 5th, 2017, a Cross-Site-Scripting XSS vulnerability in forticloud.com on-demand sandbox GUI may have allowed an authenticated user to inject arbitrary web code or HTML in the context of the victim's browser via the upload of a maliciously crafted file...