Fortinet, most viewed

649 matches found

Fortinet
added 2014/02/03 12:00 a.m. | 60 views

FortiGate Cross-Site Scripting Vulnerability

...

CVSS 4.3 | AI score 6.3 | EPSS 0.02413 | Exploits 1
Fortinet
added 2023/02/16 12:00 a.m. | 59 views

FortiWeb - Relative path traversal in web API

A path traversal vulnerability [CWE-23] in the API of FortiWeb may allow an unauthenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests...

CVSS 4 | AI score 5.3 | EPSS 0.00474 | Exploits 0 | Affected Software 1
Fortinet
added 2022/11/01 12:00 a.m. | 59 views

FortiTester - Undocumented shell command

A hidden functionality vulnerability [CWE-1242] in FortiTester CLI may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

CVSS 4 | AI score 6.3 | EPSS 0.00179 | Exploits 0 | Affected Software 1
Fortinet
added 2022/04/05 12:00 a.m. | 59 views

FortiWAN - Pervasive SQL injection

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 7.5 | AI score 10 | EPSS 0.0149 | Exploits 0 | Affected Software 1
Fortinet
added 2019/09/03 12:00 a.m. | 59 views

HTTP/2 Multiple DoS Attacks (VU#605641)

Improper implementations of the HTTP/2 protocol can lead to a variety of denial-of-service (DoS) attacks...

CVSS 7.8 | AI score 3.5 | EPSS 0.87806 | Exploits 1
Fortinet
added 2017/04/04 12:00 a.m. | 59 views

Linux kernel - challenge ack information leak

net/ipv4/tcp_input.c in certain Linux kernel versions does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack...

CVSS 5.8 | AI score 5.8 | EPSS 0.15073 | Exploits 3 | Affected Software 8
Fortinet
added 2016/02/25 12:00 a.m. | 59 views

Glibc getaddrinfo() stack-overflow

...

CVSS 6.8 | AI score 8.2 | EPSS 0.89557 | Exploits 17
Fortinet
added 2023/07/11 12:00 a.m. | 58 views

Protect

A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection...

CVSS 7.5 | AI score 9.5 | EPSS 0.01873 | Exploits 0 | Affected Software 2
Fortinet
added 2022/11/01 12:00 a.m. | 58 views

FortiSOAR - PostgreSQL DB access to local users

A missing authentication for critical function [CWE-306] vulnerability in FortiSOAR's Postgres database may allow a local attacker to access sensitive information via logging into the database using a privileged account without a password...

CVSS 1.7 | AI score 5.4 | EPSS 0.00169 | Exploits 0 | Affected Software 1
Fortinet
added 2023/10/10 12:00 a.m. | 57 views

Protect

An improper access control vulnerability [CWE-284] in the FortiOS REST API component may allow an authenticated attacker to access a restricted resource from a non-trusted host...

CVSS 4 | AI score 6.7 | EPSS 0.0037 | Exploits 0 | Affected Software 1
Fortinet
added 2019/04/10 12:00 a.m. | 57 views

FortiAP Bleeding Bit Vulnerability

Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiFi chips...

CVSS 5.8 | AI score 1.8 | EPSS 0.02981 | Exploits 0 | Affected Software 2
Fortinet
added 2023/04/11 12:00 a.m. | 56 views

Protect

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions...

CVSS 6.5 | AI score 8.4 | EPSS 0.00405 | Exploits 0 | Affected Software 3
Fortinet
added 2023/04/11 12:00 a.m. | 56 views

FortiWeb & FortiADC - OS command injection in CLI

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiWeb & FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

CVSS 4.3 | AI score 7.6 | EPSS 0.00626 | Exploits 0 | Affected Software 2
Fortinet
added 2023/02/16 12:00 a.m. | 56 views

Protect

An improper privilege management vulnerability [CWE-269] in FortiOS & FortiProxy may allow an administrator that has access to the admin profile section (System subsection, Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands...

CVSS 2.9 | AI score 5.9 | EPSS 0.0024 | Exploits 0 | Affected Software 2
Fortinet
added 2022/12/06 12:00 a.m. | 56 views

Protect

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiOS may allow a privileged attacker to perform a stored XSS attack via storing malicious payloads in replacement messages...

CVSS 4.9 | AI score 5 | EPSS 0.0038 | Exploits 0 | Affected Software 2
Fortinet
added 2022/11/01 12:00 a.m. | 56 views

Protect

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines may allow an attacker to bypass the AV engine via manipulating a MIME attachment with junk and pad characters in base64...

CVSS 5 | AI score 8.3 | EPSS 0.00444 | Exploits 0 | Affected Software 3
Fortinet
added 2022/05/03 12:00 a.m. | 56 views

Protect

An improper certificate validation vulnerability [CWE-295] in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms...

CVSS 2.9 | AI score 5.4 | EPSS 0.00184 | Exploits 0 | Affected Software 1
Fortinet
added 2014/04/08 12:00 a.m. | 56 views

Information Disclosure Vulnerability in OpenSSL (Heartbleed)

...

CVSS 5 | AI score 7.7 | EPSS 0.99999 | Exploits 87
Fortinet
added 2023/03/07 12:00 a.m. | 55 views

Protect

A relative path traversal vulnerability [CWE-23] in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests...

CVSS 4 | AI score 7.9 | EPSS 0.00217 | Exploits 0 | Affected Software 2
Fortinet
added 2020/07/30 12:00 a.m. | 55 views

Ripple20 - Critical Vulnerabilities in low-level TCP/IP software library developed by Treck

On June 16, 2020, cybersecurity researchers from JSOF published a set of 19 vulnerabilities, dubbed Ripple20, that impact the TCP/IP stack developed by Treck. A remote attacker can exploit some of these vulnerabilities to take control of an affected system...

CVSS 9.3 | AI score 4.5 | EPSS 0.36965 | Exploits 3
Fortinet
added 2023/02/16 12:00 a.m. | 54 views

FortiADC - OS command injection vulnerability in CLI

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute arbitrary shell code as root via CLI commands...

CVSS 4.3 | AI score 8 | EPSS 0.00552 | Exploits 0 | Affected Software 1
Fortinet
added 2022/11/01 12:00 a.m. | 54 views

FortiSIEM - Glassfish local credentials stored in plain text

An improper authentication vulnerability [CWE-287] in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

CVSS 4.3 | AI score 7.1 | EPSS 0.00195 | Exploits 0 | Affected Software 1
Fortinet
added 2022/06/07 12:00 a.m. | 54 views

Protect

An improper certificate validation vulnerability [CWE-295] in FortiOS, FortiAnalyzer, FortiManager, and FortiSandbox may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers...

CVSS 3.2 | AI score 4.9 | EPSS 0.00479 | Exploits 0 | Affected Software 4
Fortinet
added 2021/06/01 12:00 a.m. | 54 views

FortiProxy - Unauthenticated SSL VPN users password modification

An improper access control vulnerability in FortiProxy SSL VPN web portal may allow an unauthenticated and remote attacker to change local SSL-VPN users' passwords via specially crafted HTTP requests...

CVSS 5 | AI score 7.5 | EPSS 0.81691 | Exploits 2 | Affected Software 1
Fortinet
added 2015/05/19 12:00 a.m. | 54 views

CVE-2015-3456 "VENOM" vulnerability

...

CVSS 7.7 | AI score 7.8 | EPSS 0.15275 | Exploits 1
Fortinet
added 2014/06/06 12:00 a.m. | 54 views

Multiple Vulnerabilities in OpenSSL

...

CVSS 6.8 | AI score 6.7 | EPSS 0.99977 | Exploits 14
Fortinet
added 2020/06/22 12:00 a.m. | 53 views

FortiAnalyzer could potentially be used in NTP amplification attacks

An insufficient control of network message volume [CWE-406] vulnerability in FortiAnalyzer may allow an unauthenticated remote attacker to perform NTP amplification attacks, thereby causing reflected denial of service on arbitrary targets, via sending specially crafted mode 6 queries to the...

CVSS 5 | AI score 3.5 | EPSS 0.97549 | Exploits 23 | Affected Software 2
Fortinet
added 2019/11/26 12:00 a.m. | 53 views

Protect

A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for logged in users or potential remote code execution on FortiOS; this happens when an authenticated user visits a specifically crafted proxied webpage, and this is due to a...

CVSS 4.3 | AI score 7.6 | EPSS 0.33647 | Exploits 0 | Affected Software 1
Fortinet
added 2023/04/11 12:00 a.m. | 52 views

FortiAuthenticator - Reflected XSS in the password reset page

An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page...

CVSS 5.8 | AI score 6 | EPSS 0.00494 | Exploits 0 | Affected Software 1
Fortinet
added 2023/03/07 12:00 a.m. | 52 views

Protect

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS and FortiProxy administrative interface may allow an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP or HTTPS GET requests...

CVSS 5 | AI score 5.3 | EPSS 0.00559 | Exploits 0 | Affected Software 2
Fortinet
added 2022/05/03 12:00 a.m. | 52 views

FortiNAC - SQL Injection

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiNAC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters...

CVSS 6.5 | AI score 9 | EPSS 0.00761 | Exploits 0 | Affected Software 1
Fortinet
added 2022/04/05 12:00 a.m. | 52 views

FortiEDR - Denial of service due to folder access permission change

An improper control of a resource through its lifetime [CWE-664] vulnerability in FortiEDR Collector may allow a privileged attacker to make the application unresponsive via changing its root directory access permission...

CVSS 2.1 | AI score 5.2 | EPSS 0.00208 | Exploits 0 | Affected Software 1
Fortinet
added 2016/05/16 12:00 a.m. | 52 views

RSA-CRT key leak under certain conditions

FortiOS now includes for all SSL libraries a countermeasure against Lenstra's fault attack on RSA-CRT optimization when an RSA signature is corrupted...

CVSS 5 | AI score 4 | EPSS 0.02425 | Exploits 0
Fortinet
added 2016/04/14 12:00 a.m. | 52 views

SAM and LSAD remote protocols man in the middle vulnerability (Badlock)

The Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority Domain Policy Remote Protocol (MS-LSAD) are both vulnerable to man in the middle attacks. These protocols are typically available on all Windows installations as well as every Samba server...

CVSS 6.8 | AI score 3.5 | EPSS 0.3693 | Exploits 0
Fortinet
added 2015/02/05 12:00 a.m. | 52 views

FortiAuthenticator multiple vulnerabilities

...

CVSS 7.5 | AI score 6.3 | EPSS 0.02664 | Exploits 3
Fortinet
added 2023/07/11 12:00 a.m. | 51 views

Protect

An insufficient session expiration [CWE-613] vulnerability in FortiOS REST API may allow an attacker to keep a secure websocket session active after user deletion...

CVSS 7.5 | AI score 8.8 | EPSS 0.0043 | Exploits 0 | Affected Software 1
Fortinet
added 2023/06/12 12:00 a.m. | 51 views

Protect

A format string vulnerability [CWE-134] in the command line interpreter of FortiOS and FortiProxy may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...

CVSS 4.3 | AI score 7.7 | EPSS 0.00249 | Exploits 0 | Affected Software 2
Fortinet
added 2023/03/07 12:00 a.m. | 51 views

FortiRecorder - DoS in login authentication mechanism

An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests...

CVSS 5 | AI score 7.5 | EPSS 0.0723 | Exploits 3 | Affected Software 1
Fortinet
added 2022/11/01 12:00 a.m. | 51 views

FortiADC - WAF XSS Injection Bypass

An improper handling of malformed request vulnerability [CWE-228] in FortiADC may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request...

CVSS 7.5 | AI score 9.3 | EPSS 0.00679 | Exploits 0 | Affected Software 1
Fortinet
added 2021/09/07 12:00 a.m. | 51 views

Protect

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs' information such as the admin account list and the network interface list...

CVSS 2.1 | AI score 4.3 | EPSS 0.00573 | Exploits 0 | Affected Software 1
Fortinet
added 2021/02/03 12:00 a.m. | 51 views

FortiProxy SSL VPN buffer overflow when parsing javascript href content

A heap buffer overflow vulnerability in the FortiProxy SSL VPN web portal may cause the SSL VPN web service termination for logged in users or potential remote code execution on FortiProxy. This happens when an authenticated user visits a specifically crafted proxied webpage and is due to a failu...

CVSS 4.3 | AI score 7.6 | EPSS 0.33647 | Exploits 0 | Affected Software 1
Fortinet
added 2016/07/12 12:00 a.m. | 51 views

OpenSSL Advisory - January 2016

OpenSSL released an update in January 2016 to address one high-severity and one low-severity vulnerability...

CVSS 2.6 | AI score 1.9 | EPSS 0.83645 | Exploits 1
Fortinet
added 2015/02/27 12:00 a.m. | 51 views

FSSO stack-based buffer overflow

...

CVSS 7.5 | AI score 6.3 | EPSS 0.10333 | Exploits 5
Fortinet
added 2023/06/12 12:00 a.m. | 50 views

Protect

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests...

CVSS 7.5 | AI score 9.7 | EPSS 0.85689 | Exploits 10 | Affected Software 3
Fortinet
added 2023/02/16 12:00 a.m. | 50 views

FortiWeb - Path traversal via browse report CGI component

A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...

CVSS 4 | AI score 6.2 | EPSS 0.00573 | Exploits 0 | Affected Software 1
Fortinet
added 2019/12/05 12:00 a.m. | 50 views

Protect

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a man-in-the-middle with knowledge of the key to eavesdrop on and modify information: URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0; URL rating in FortiClient sent and...

CVSS 4.3 | AI score 5.7 | EPSS 0.01766 | Exploits 2 | Affected Software 8
Fortinet
added 2023/01/03 12:00 a.m. | 49 views

FortiTester - Multiple command injection vulnerabilities in GUI and API

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell...

CVSS 6.5 | AI score 9 | EPSS 0.01114 | Exploits 0 | Affected Software 1
Fortinet
added 2022/08/02 12:00 a.m. | 49 views

Protect

A format string vulnerability [CWE-134] in the command line interpreter of FortiOS, FortiOS-6K7K, FortiProxy, FortiADC, and FortiMail may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...

CVSS 4.3 | AI score 7.7 | EPSS 0.00194 | Exploits 0 | Affected Software 5
Fortinet
added 2021/12/07 12:00 a.m. | 49 views

FortiWeb - Path traversal in API controller

Multiple relative path traversal vulnerabilities [CWE-23] in the API of FortiWeb may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...

CVSS 4 | AI score 5.6 | EPSS 0.0089 | Exploits 0 | Affected Software 1
Fortinet
added 2021/06/01 12:00 a.m. | 49 views

Protect

On May 11th, 2021, Mathy Vanhoef (New York University Abu Dhabi) published a new paper, Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation, on a number of vulnerabilities in the base 802.11 protocol (802.11 is the standard that Wi-Fi is built on). The paper discloses three...

CVSS 2.9 | AI score 6.7 | EPSS 0.06487 | Exploits 0 | Affected Software 7
Total number of security vulnerabilities: 649