649 matches found
FortiGate Cross-Site Scripting Vulnerability
...
FortiWeb - Relative path traversal in web API
A path traversal vulnerability CWE-23 in the API of FortiWeb may allow a unauthenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests...
FortiTester - Undocumented shell command
A hidden functionality vulnerability CWE-1242 in FortiTester CLI may allow a local, privileged user to obtain a root shell on the device via an undocumented command...
FortiWAN - Pervasive SQL injection
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
HTTP/2 Multiple DoS Attacks (VU#605641)
Improper implementations of the HTTP/2 protocol can lead to a variety denial-of-service DoS attacks...
Linux kernel - challenge ack information leak
net/ipv4/tcpinput.c in certain Linux kernel versions does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack...
Glibc getaddrinfo() stack-overflow
...
Protect
A stack-based overflow vulnerability CWE-124 in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection...
FortiSOAR - PostgreSQL DB access to local users
A missing authentication for critical function CWE-306 vulnerabilty in FortiSOAR's Postgres database may allow a local attacker to access sensitive information via logging into the database using a privileged account without a password...
Protect
An improper access control vulnerability CWE-284 in the FortiOS REST API component may allow an authenticated attacker to access a restricted resource from a non trusted host...
FortiAP Bleeding Bit Vulnerability
Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability CVE-2018-16986 present in the Texas Instruments WiFi chips...
Protect
An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions...
FortiWeb & FortiADC - OS command injection in CLI
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiWeb & FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
Protect
An improper privilege management vulnerability CWE-269 in FortiOS & FortiProxy may allow an administrator that has access to the admin profile section System subsection Administrator Users to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands...
Protect
A improper neutralization of input during web page generation 'cross-site scripting' CWE-79 in FortiOS may allow a privileged attacker to perform a stored XSS attack via storing malicious payloads in replacement messages...
Protect
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
Protect
An improper certificate validation vulnerability CWE-295 in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms...
Information Disclosure Vulnerability in OpenSSL (Heartbleed)
...
Protect
A relative path traversal vulnerability CWE-23 in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests...
Ripple20 - Critical Vulnerabilities in low-level TCP/IP software library developed by Treck
On June 16, 2020, cybersecurity researchers from JSOF published a set of 19 vulnerabilities, dubbed Ripple20 that are impacting the TCP/IP stack developed by Treck. A remote attacker can exploit some of these vulnerabilities to take control of an affected system...
FortiADC - OS command injection vulnerability in CLI
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiADC may allow an authenticated attacker to execute arbitrary shell code as root via CLI commands...
FortiSIEM - Glassfish local credentials stored in plain text
An improper authentification vulnerability CWE-287 in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
Protect
An improper certificate validation vulnerability CWE-295 in FortiOS, FortiAnalyzer, FortiManager, and FortiSandbox may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers...
FortiProxy - Unauthenticated SSL VPN users password modification
An improper access control vulnerability in FortiProxy SSL VPN web portal may allow an unauthenticated and remote attacker to change local SSL-VPN users' passwords via specially crafted HTTP requests...
CVE-2015-3456 "VENOM" vulnerability
...
Multiple Vulnerabilities in OpenSSL
...
FortiAnalyzer could potentially be used in NTP amplification attacks
An insufficient control of network message volume CWE-406 vulnerability in FortiAnalyzer may allow an unauthenticated remote attacker to perform NTP amplification attacks thereby causing reflected denial of service on arbitrary targets via sending specially crafted mode 6 queries to the...
Protect
A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for logged in users or potential remote code execution on FortiOS; this happens when an authenticated user visits a specifically crafted proxy-ed webpage, and this is due to a...
FortiAuthenticator - Reflected XSS in the password reset page
An improper neutralization of script-related HTML tags in a web page vulnerability CWE-80 in FortiAuthenticator may allow a remote unauthenticated attacker to trigger a reflected cross site scripting XSS attack via the "reset-password" page...
Protect
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS and FortiProxy administrative interface may allow an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP or HTTPs GET requests...
FortiNAC - SQL Injection
Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters...
FortiEDR - Denial of service due to folder access permission change
An improper control of a resource through its lifetime CWE-664 vulnerability in FortiEDR Collector may allow a privileged attacker to make the application unresponsive via changing its root directory access permission...
RSA-CRT key leak under certain conditions
FortiOS now includes for all SSL libraries a countermeasure against Lenstra's fault attack on RSA-CRT optimization when a RSA signature is corrupted...
SAM and LSAD remote protocols man in the middle vulnerability (Badlock)
The Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD are both vulnerable to man in the middle attacks. These protocols are typically available on all Windows installations as well as every Samba server...
FortiAuthenticator multiple vulnerabilities
...
Protect
An insufficient session expiration CWE-613 vulnerability in FortiOS REST API may allow an attacker to keep a secure websocket session active after user deletion...
Protect
A format string vulnerability CWE-134 in the command line interpreter of FortiOS and FortiProxy may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
FortiRecorder - DoS in login authentication mechanism
An uncontrolled resource consumption vulnerability CWE-400 in FortiRecorder login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests...
FortiADC - WAF XSS Injection Bypass
An improper handling of malformed request vulnerability CWE-228 in FortiADC may allow a remote attacker without privileges to bypass some Web Application Firewall WAF protection such as the SQL Injection and XSS filters via a malformed HTTP request...
Protect
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list. Â...
FortiProxy SSL VPN buffer overflow when parsing javascript href content
A heap buffer overflow vulnerability in the FortiProxy SSL VPN web portal may cause the SSL VPN web service termination for logged in users or potential remote code execution on FortiProxy. This happens when an authenticated user visits a specifically crafted proxied webpage and is due to a failu...
OpenSSL Advisory - January 2016
OpenSSL released an update in January 2016 to address one high and one low severity vulnerabilities...
FSSO stack-based buffer overflow
...
Protect
A heap-based buffer overflow vulnerability CWE-122 in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests...
FortiWeb - Path traversal via browse report CGI component
A relative path traversal vulnerability CWE-23 in FortiWeb may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...
Protect
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...
FortiTester - Multiple command injection vulnerabilities in GUI and API
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell...
Protect
A format string vulnerability CWE-134 in the command line interpreter of FortiOS, FortiOS-6K7K, FortiProxy, FortiADC, and FortiMail may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
FortiWeb - Path traversal in API controller
Multiple relative path traversal vulnerabilities CWE-23 in the API of FortiWeb may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...
Protect
On May 11th, 2021, Mathy Vanhoef New York University Abu Dhabi published a new paper, Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation, on a number of vulnerabilities in the base 802.11 protocol 802.11 is the standard that Wi-Fi is built on. The paper discloses three...