OpenSSL Security Advisory [22 Sept 2016]
The OpenSSL project released an advisory on Sept 22nd, 2016, describing 1 High, 1 Medium and 12 Low severity vulnerabilities, as listed below: OCSP Status Request extension unbounded memory growth (CVE-2016-6304); SSL_peek() hang on empty record (CVE-2016-6305); SWEET32 Mitigation (CVE-2016-2183); OOB write ...
FortiPresence - Unpassworded remotely accessible Redis & MongoDB
A missing authentication for critical function vulnerability CWE-306 in FortiPresence on-prem infrastructure server may allow a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
Protect
A relative path traversal vulnerability CWE-23 in FortiOS, FortiProxy, and FortiSwitchManager may allow an authenticated attacker to read and write files on the underlying system via crafted HTTP, HTTPS or CLI requests...
Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)
11 zero-day vulnerabilities (aka. URGENT/11) were disclosed in VxWorks® TCP/IP stack IPnet:...
FortiClient (Windows) - Improper write access over FortiClient pipe object
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in FortiClientWindows may allow an attacker on the same file sharing network to execute commands via writin...
Protect
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 in FortiOS and FortiProxy may allow an authenticated and remote attacker to inject arbitrary headers...
FortiClient (Windows) - Arbitrary file write as SYSTEM
An execution with unnecessary privileges vulnerability CWE-250 in FortiClientWindows may allow a local attacker to perform an arbitrary file write on the system...
Multiple vulnerabilities in PJSIP library
Some advisories were released affecting the version of PJSIP library used in some Fortinet products:...
Protect
An improper neutralization of input during web page generation CWE-79 vulnerability in FortiOS may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked...
Protect
An improper certificate validation vulnerability CWE-295 in FortiOS and FortiProxy may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds when the latter are...
Multiple Apache Vulnerabilities fixed in 2.4.52
The Apache project released an advisory, describing the following vulnerabilities:...
Multiple Apache Vulnerabilities fixed in 2.4.46
...
OpenSSL Advisory - May 2016
OpenSSL released an update in May 2016 to address two high and four low severity vulnerabilities...
Protect
An out-of-bounds write vulnerability CWE-787 in sslvpnd of FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted requests...
FortiClient (Windows) - Arbitrary file creation from unprivileged users due to process impersonation
An incorrect authorization CWE-863 vulnerability in FortiClient Windows may allow a local low privileged attacker to perform arbitrary file creation in the device filesystem...
FortiAnalyzer - CSV injection in macro name
An improper neutralization of formula elements vulnerability CWE-1236 in FortiAnalyzer may allow a local authenticated privileged attacker to execute arbitrary code on the end-user's host via inserting spreadsheet formulas in the macro names. This is achieved once the user downloads and opens the...
Meltdown and Spectre class vulnerabilities
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious userspace processes to read kernel memory, thus potentially causing kernel sensitive information to leak...
Linux Kernel tty_ioctl Vulnerability
A race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel may allow local users to obtain sensitive information from kernel memory or cause a denial of service...
Protect
An improper verification of source of a communication channel vulnerability CWE-940 in FortiOS may allow a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. This is possible only...
FortiWeb - SQL Injection in delete filter component
An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 in FortiWeb delete log filter component may allow a privileged attacker to execute SQL commands over the log database via specifically crafted strings parameters...
CVE-2004-1653 SSH port forwarding exposes unprotected internal services
An improper access control vulnerability in the admin SSH console of multiple products may allow an authenticated user to access internal only system services via using SSH local port forwarding. A successful attack needs an authenticated admin SSH user to set up a port bounce to product internal...
Linux Kernel Dirty Cow Vulnerability
Linux Kernel Dirty Cow Vulnerability Announcement...
FortiAP & FortiAP-S & FortiAP-W2 & FortiAP-U - Command injection in CLI
An improper neutralization of special elements CWE-89 used in an OS command vulnerability CWE-78 in the command line interpreter of FortiAP, FortiAP-S, FortiAP-W2 and FortiAP-U may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...
Apache Struts RCE Vulnerability
Multiple Remote Code Execution vulnerabilities (CVE-2017-9805, CVE-2017-9804, CVE-2017-9793) are affecting Apache Struts...
Multiple vulnerabilities in Linux kernels through 4.6.3
Of multiple vulnerabilities released affecting Linux kernels through 4.6.3, FortiOS was found vulnerable to the following two:...
SSL v3 "POODLE" Vulnerability
...
Protect
An access of uninitialized pointer vulnerability CWE-824 in the SSL-VPN portal of FortiOS & FortiProxy may allow a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request...
Protect
An authentication bypass by assumed-immutable data vulnerability CWE-302 in the FortiOS SSH login component may allow a remote and unauthenticated attacker to log into the device by sending a specially crafted Access-Challenge response from the Radius server...
Protect
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...
Key Reinstallation Attacks: Cryptographic/protocol attack against WPA2
Several vulnerabilities affect the Wi-Fi Protected Access II (WPA2) protocol, potentially enabling Man-in-the-Middle (MitM) attacks between Wi-Fi clients and access points running WPA2. The impact includes decryption, packet replay, TCP connection hijacking and HTTP content injection...
TLS FREAK Attack
...
FortiGate Vulnerabilities in FortiManager Service
...
Protect
A loop with unreachable exit condition 'Infinite Loop' vulnerability CWE-835 in FortiOS, FortiProxy and Fortiweb may allow an authenticated attacker to perform a denial of service via a specially crafted firmware image...
FortiWeb - header injection in FortiWeb API
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 in FortiWeb API may allow an authenticated and remote attacker to inject arbitrary headers...
Protect
An improper access control vulnerability CWE-284 in FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...
FortiManager - Password observed in cleartext in the config conflict file
An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiManager may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file...
ntp-4.2.8p7 Security Vulnerability Announcement April 2016
ntp released an announcement on 26th April 2016, describing 4 low and 7 medium severity vulnerabilities, as listed below:...
Protect
A URL redirection to untrusted site 'Open Redirect' vulnerability CWE-601 in FortiOS and FortiProxy sslvpnd may allow an authenticated attacker to redirect users to any arbitrary website via a crafted URL...
Protect
A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate and FortiAuthenticator may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via...
Apache commons_text(CVE-2022-42889) and commons_configuration (CVE-2022-33980) vulnerability
CVE-2022-42889:...
Protect
Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an unauthenticated attacker to cause the SSL VPN user session to break (Denial of service) and possibly to run arbitrary code via specially crafted packets sent from a malicious SSH...
Protect
An improper verification of cryptographic signature vulnerability CWE-347 in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter...
Protect
An access of uninitialized pointer vulnerability CWE-824 in the SSL VPN portal of FortiOS & FortiProxy may allow a remote unauthenticated or authenticated (see Affected Products section) attacker to crash the sslvpn daemon via an HTTP GET request...
CVE-2019-9506 Encryption Key Negotiation of Bluetooth (KNOB) Vulnerability
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...
OpenSSL Advisory - December 2015
...
FortiWeb - Path traversal in API controller
A relative path traversal vulnerability CWE-23 in the API of FortiWeb may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...
Protect
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnalyzer may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...
Bleichenbacher and Dictionary Attacks on IPsec IKE
Two new attacks on IPsec IKE (Internet Key Exchange) were recently disclosed [1], involving multiple ways to perform attacks against IKE signature based and PSK (Pre-Shared Key) authentications. The end goal is to crack IPsec VPN encrypted communications. The relevant CVEs are: CVE-2018-5389: Practical...
FortiOS local privilege escalation via malicious use of USB storage devices
An admin user with superadmin privileges can execute an arbitrary binary contained on a USB drive plugged into a FortiGate, via linking the aforementioned binary to a command that is allowed to be run by the fnsysctl CLI command...
FortiGate Cross-Site Scripting Vulnerability
...