649 matches found
FortiManager - Incorrect user management behavior leads to passwordless admin
An incorrect user management vulnerability CWE-286 in the FortiManager VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin profiled admin account is deleted...
CVE-2022-22965 and CVE-2022-22963 vulnerabilities
Two distinct spring project vulnerabilities where released recently with critical CVSS score and classified as zero-Day attacks. The two vulnerabilities are currently known as : CVE-2022-22965 or Spring4Shell: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remot...
Kr00k vulnerability (CVE-2019-15126) in Broadcom and Cypress Wi-Fi chips
During the RSA conference of February 26th 2020, researchers Å tefan SvorencÃk and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability is referenced as CVE-2019-15126 and could allow an...
Protect
TCP stacks that lack RFC 5961 3.2 & 4.2 support or have it disabled at application level may allow remote attackers to guess sequence numbers and cause a denial of service connection loss to persistent TCP connections by repeatedly injecting a TCP RST or SYN packet...
Protect
Failure to sanitize the login redir parameter in the SSL-VPN web portal may allow an attacker to perform a Cross-site Scripting XSS or an URL Redirection attack...
Protect
A buffer underwrite 'buffer underflow' vulnerability in FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy & FortiSwitchManager administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically...
FortiProxy - system file leak through SSL VPN special crafted HTTP resource requests
A path traversal vulnerability in the FortiProxy SSL VPN web portal may allow a non-authenticated, remote attacker to download FortiProxy system files through specially crafted HTTP resource requests...
Protect
A improper limitation of a pathname to a restricted directory vulnerability 'path traversal' CWE-22 in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands...
Protect
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiProxy and FortiOS web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...
Protect
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...
Protect
An authentication bypass using an alternate path or channel vulnerability CWE-288 in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests...
Multiple vulnerabilities in Apache Airflow
Security advisories were released affecting the version of Apache Airflow library used in some Fortinet products:...
FortiManager/FortiAnalyzer - XSS Vulnerability in Report Templates
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiManager and FortiAnalyzer report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281...
Apache log4j2 log messages substitution (CVE-2021-44228)
Apache Log4j =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when...
CVE-2015-4000 "Logjam" attack
...
FortiOS TCP timestamp response
FortiOS by default enables TCP timestamp response, which may lead to information disclosure...
Protect
A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests...
Protect
An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow a remote authenticated attacker to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, a...
CVE-2022-0847 on Linux Kernel
A security advisory was released affecting a version of the Linux Kernel used in FortiAuthenticator, FortiProxy & FortiSIEM:...
Protect
A server-generated error message containing sensitive information vulnerability CWE-550 in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages...
CVE-2015-0235 "GHOST" vulnerability
...
FortiADC - OS command injection vulnerability in CLI
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiADC may allow an authenticated attacker to execute arbitrary shell code as root via CLI commands...
FortiWeb is vulnerable to a blind SQL injection
A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement...
Protect
CVE-2022-3602: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue...
ROCA: Vulnerable RSA key pairs generation (CVE-2017-15361)
An old Infineon RSA library does not properly generate RSA key pairs, therefore enabling an attacker to potentially infer a private key from a public key...
Protect
A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the DHCP and DNS keys ddns-key or n-mhae-key in FortiOS & FortiProxy configuration may allow an attacker in possession of the encrypted key to decipher it...
Protect
FortiGate's and FortiADC's read-only admins are able to point an LDAP server connectivity test request to a rogue LDAP server instead of the configured one, in order to obtain the LDAP server login credentials configured in the FortiGate...
FortiNAC - External Control of File Name or Path in keyUpload scriptlet
An external control of file name or path vulnerability CWE-73 in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system...
Protect
A security advisory was released affecting  the version of OpenSSL library used in some Fortinet products:...
Protect
An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS / FortiProxy log events may allow a remote authenticated attacker to read certain passwords in ciphertext...
Multiple products cross-site scripting vulnerabilities
...
Protect
A relative path traversal vulnerability CWE-23 in FortiOS, FortiProxy, and FortiSwitchManager may allow an authenticated attacker to read and write files on the underlying system via crafted HTTP, HTTPS or CLI requests...
Protect
An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...
FortiWeb - Stack-based buffer overflows in Proxyd
Multiple stack-based buffer overflow vulnerabilities CWE-121 in FortiWeb's proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests...
Protect
An improper authentication vulnerability in SSL VPN in FortiOS may result in a user being able to log in successfully without being prompted for the second factor of authentication FortiToken if they changed the case of their username...
Protect
A use of externally-controlled format string vulnerability CWE-134 in the Fclicense daemon of FortiOS may allow a remote authenticated attacker to execute arbitrary code or commands via specially crafted requests...
FortiManager --- Password observed in cleartext in the config conflict file
An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiManager may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file...
Protect
Multiple Fortinet products may be affected by the following Linux Kernel vulnerability:...
FortiAP & FortiAP-S & FortiAP-W2 & FortiAP-U - Command injection in CLI
An improper neutralization of special elements CWE-89 used in an OS command vulnerability CWE-78 in the command line interpreter of FortiAP, FortiAP-S, FortiAP-W2 and FortiAP-U may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...
CVE-2004-1653 SSH port forwarding exposes unprotected internal services
An improper access control vulnerability in the admin SSH console of multiple products may allow an authenticated user to access internal only system services via using SSH local port forwarding. A successful attack needs an authenticated admin SSH user to set up a port bounce to product internal...
FortiNAC - SSH Weak Key Exchange Algorithm
A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...
FortiClient (Windows) - privilege escalation in online installer due to incorrect working directory
An improper initialization CWE-665 vulnerability in FortiClient Windows may allow a local attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory...
Protect
A heap-based buffer overflow vulnerability CWE-122 in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests...
Protect
An improper access control vulnerability CWE-284 in the FortiOS REST API component may allow an authenticated attacker to access a restricted resource from a non trusted host...
FortiManager - Improper Inter ADOM access control
An improper access control vulnerability CWE-284 in FortiManager may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...
Protect
When traffic other than HTTP/S eg: SSH traffic, etc... traverses the FortiOS on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header...
Intel-SA-00086 Security Review Cumulative Update
Intel recently released a security update Intel-SA-00086, regarding Intel ME 11.x, SPS 4.0, and TXE 3.0 intel products...
FortiOS SSL Deep-Inspection possible Insecure Renegotiation
FortiOS SSL Deep-Inspection may enable insecure renegotiation between TLS clients and servers that support secure renegotiation, opening the door to potential Man-in-the-Middle attacks CVE-2009-3555 against the TLS connection, where an attacker could inject arbitrary data in the connection withou...
Protect
A stack-based buffer overflow vulnerability CWE-121 in FortiOS may allow a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections...
FortiAnalyzer - XSS vulnerability due to AngularJS Client-Side Template injection
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAnalyzer may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer...