
649 matches found

Fortinet
added 2020/03/09 12:00 a.m., 49 views

FortiClient - installer DLL Hijacking Vulnerability

Multiple unsafe search path vulnerabilities in FortiClient online installers may allow an attacker with control over the directory in which the installers reside to execute arbitrary code on the system via uploading malicious .dll files in that directory...

CVSS 9.3 | AI score 6.1 | EPSS 0.02613
Exploits: 0 | Affected software: 2
Fortinet
added 2018/07/13 12:00 a.m., 49 views

OpenSSL Security Advisory [26 Jan 2017]

The OpenSSL project released an advisory on Jan 26th, 2017, describing 3 Moderate and 1 Low severity vulnerabilities, as listed below...

CVSS 5 | AI score 7.3 | EPSS 0.57595
Exploits: 6 | Affected software: 27
Fortinet
added 2013/07/08 12:00 a.m., 49 views

Multiple CSRF Vulnerabilities in FortiGate

...

CVSS 5.1 | AI score 6.3 | EPSS 0.02286
Exploits: 6
Fortinet
added 2023/06/12 12:00 a.m., 48 views

Protect

An out-of-bounds write vulnerability CWE-787 in Command Line Interface of FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands...

CVSS 4.3 | AI score 7.9 | EPSS 0.00188
Exploits: 0 | Affected software: 2
Fortinet
added 2022/06/07 12:00 a.m., 48 views

FortiAuthenticator - XSS vulnerability in OWA login page

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAuthenticator OWA Agent may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...

CVSS 5.8 | AI score 6 | EPSS 0.00495
Exploits: 0
Fortinet
added 2022/06/07 12:00 a.m., 48 views

FortiAP-U - Relative path traversal vulnerability in CLI

A path traversal vulnerability CWE-22 in FortiAP-U CLI may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...

CVSS 4 | AI score 6.5 | EPSS 0.00224
Exploits: 0 | Affected software: 1
Fortinet
added 2015/06/11 12:00 a.m., 48 views

OpenSSL vulnerabilities - June 2015

...

CVSS 7.5 | AI score 5.8 | EPSS 0.9986
Exploits: 2
Fortinet
added 2022/12/06 12:00 a.m., 47 views

FortiADC - Improper input validation in download features

Multiple improper input validation vulnerabilities CWE-20 may allow an authenticated attacker to retrieve files with specific extensions from the underlying Linux system via crafted HTTP requests...

CVSS 4 | AI score 6.4 | EPSS 0.0074
Exploits: 0 | Affected software: 1
Fortinet
added 2022/10/10 12:00 a.m., 47 views

FortiAnalyzer & FortiManager - improper authorization to template image

An exposure of resource to wrong sphere vulnerability CWE-668 in FortiAnalyzer and FortiManager GUI may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path...

CVSS 5 | AI score 5.7 | EPSS 0.00728
Exploits: 0 | Affected software: 2
Fortinet
added 2022/09/06 12:00 a.m., 47 views

FortiSOAR - Privilege escalation from nginx user to root

An improper privilege management vulnerability CWE-269 in FortiSOAR may allow a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...

CVSS 4.3 | AI score 7.9 | EPSS 0.00202
Exploits: 0 | Affected software: 1
Fortinet
added 2021/12/07 12:00 a.m., 47 views

FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability

A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network adjacent attacker to perform a...

CVSS 5.4 | AI score 4.2 | EPSS 0.00213
Exploits: 0 | Affected software: 4
Fortinet
added 2021/01/04 12:00 a.m., 47 views

FortiDeceptor - OS command injection vulnerabilities

Multiple OS command injection vulnerabilities in FortiDeceptor management interface may allow an authenticated user to execute arbitrary commands on the system via specifically crafted web requests...

CVSS 9 | AI score 9.4 | EPSS 0.03636
Exploits: 0 | Affected software: 1
Fortinet
added 2020/01/03 12:00 a.m., 47 views

Protect

Multiple vulnerabilities, collectively referred to as Dragonblood, exist in implementations of the WiFi WPA3 standard...

CVSS 6.8 | AI score 6.6 | EPSS 0.05372
Exploits: 0 | Affected software: 5
Fortinet
added 2019/11/14 12:00 a.m., 47 views

Protect

The lack of a root file system integrity check in VM appliances may allow an attacker with read/write access to the VM image before it is booted to inject malicious implants into the image...

CVSS 10 | AI score 7 | EPSS 0.0077
Exploits: 0 | Affected software: 13
Fortinet
added 2019/08/30 12:00 a.m., 47 views

Protect

An Improper Authorization vulnerability in the SSL VPN web portal may allow an unauthenticated attacker to change the password of an SSL VPN web portal user via specially crafted HTTP requests...

CVSS 5 | AI score 7.6 | EPSS 0.81691
Exploits: 2 | Affected software: 1
Fortinet
added 2014/12/18 12:00 a.m., 47 views

CVE-2014-8730 "Poodle for TLS" vulnerability

All versions of FortiGate VM, the FortiOS 5.4 branch, the FortiOS 5.6 branch and subsequent releases are not vulnerable...

CVSS 4.3 | AI score 2.6 | EPSS 0.1372
Exploits: 0
Fortinet
added 2023/09/13 12:00 a.m., 46 views

Protect

An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS and FortiProxy GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting...

CVSS 4.9 | AI score 6.9 | EPSS 0.01119
Exploits: 0 | Affected software: 2
Fortinet
added 2023/01/03 12:00 a.m., 46 views

FortiADC - command injection in web interface

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 6.5 | AI score 8.6 | EPSS 0.02891
Exploits: 0 | Affected software: 1
Fortinet
added 2022/09/06 12:00 a.m., 46 views

FortiSOAR - Server-Side Template Injection in Playbook component

An improper neutralization of special elements used in a template engine vulnerability CWE-1336 in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...

CVSS 6.5 | AI score 8.7 | EPSS 0.00675
Exploits: 0 | Affected software: 1
Fortinet
added 2022/09/06 12:00 a.m., 46 views

Protect

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt keytab values in FortiOS & FortiProxy may allow an attacker in possession of the encrypted secret to decipher it...

CVSS 1.7 | AI score 4.6 | EPSS 0.00255
Exploits: 0 | Affected software: 2
Fortinet
added 2022/08/02 12:00 a.m., 46 views

FortiADC - Unverified password change over the GUI

An unverified password change vulnerability CWE-620 in FortiADC may allow an authenticated attacker to bypass the Old Password check in the password change form, for the account the attacker is logged into or for other accounts except admin when the attacker has Read/Write access on System, via a...

CVSS 4 | AI score 5.3 | EPSS 0.00408
Exploits: 0 | Affected software: 1
Fortinet
added 2021/11/02 12:00 a.m., 46 views

FortiManager - Improper Inter ADOM access control

An improper access control vulnerability CWE-284 in FortiManager may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...

CVSS 4 | AI score 4.9 | EPSS 0.00496
Exploits: 0 | Affected software: 1
Fortinet
added 2021/09/07 12:00 a.m., 46 views

Protect

A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of the 'print str' and 'cmd mem' CLI commands, which respectively read and write hexadecimal values at any memory address...

CVSS 6.6 | AI score 6.2 | EPSS 0.0025
Exploits: 0 | Affected software: 1
Fortinet
added 2021/02/03 12:00 a.m., 46 views

Buffer overflow vulnerability in FortiProxy SSL VPN through a crafted POST request

A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a Denial of Service attack by sending a specifically crafted POST request with a large msg value...

CVSS 5 | AI score 7.5 | EPSS 0.01753
Exploits: 0 | Affected software: 1
Fortinet
added 2020/06/21 12:00 a.m., 46 views

XSS vulnerability in the ESS Profile and Radius Profile of FortiWLC

An improper neutralization of input vulnerability in FortiWLC may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the ESS Profile or the Radius Profile...

CVSS 3.5 | AI score 3.5 | EPSS 0.00857
Exploits: 0 | Affected software: 1
Fortinet
added 2019/11/29 12:00 a.m., 46 views

TCP SACK panic attack - Linux Kernel Vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16-bit width of TCP_SKB_CB(skb)->tcp_gso_segs. A remote attacker could use this to cause a denial of service...

CVSS 7.8 | AI score 7.7 | EPSS 0.98745
Exploits: 4 | Affected software: 18
Fortinet
added 2016/01/12 12:00 a.m., 46 views

Multiple Products SSH Undocumented Login Vulnerability

...

CVSS 10 | AI score 8.9 | EPSS 0.71268
Exploits: 8
Fortinet
added 2015/03/24 12:00 a.m., 46 views

OpenSSL vulnerabilities - March 2015

...

CVSS 7.5 | AI score 6.6 | EPSS 0.44503
Exploits: 1
Fortinet
added 2023/06/16 12:00 a.m., 45 views

Protect

A NULL pointer dereference vulnerability CWE-476 in SSL-VPN may allow an authenticated remote attacker to trigger a crash of the SSL-VPN service via crafted requests...

CVSS 4 | AI score 6.1 | EPSS 0.00839
Exploits: 0 | Affected software: 2
Fortinet
added 2023/06/12 12:00 a.m., 45 views

Protect

A cleartext transmission of sensitive information vulnerability CWE-319 in FortiOS & FortiProxy may allow an authenticated attacker with read-only superadmin privileges to intercept traffic in order to obtain other administrators' cookies via diagnose CLI commands...

CVSS 1.4 | AI score 4.7 | EPSS 0.00126
Exploits: 0 | Affected software: 2
Fortinet
added 2023/05/03 12:00 a.m., 45 views

FortiNAC - Weak authentication mechanism on device registration page

A weak authentication vulnerability CWE-1390 in FortiNAC device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success...

CVSS 5 | AI score 7.7 | EPSS 0.00488
Exploits: 0 | Affected software: 1
Fortinet
added 2023/04/11 12:00 a.m., 45 views

FortiClientWindows - Arbitrary file creation by unprivileged users

A relative path traversal CWE-23 vulnerability in FortiClientWindows may allow a local low privileged attacker to perform arbitrary file creation on the device filesystem...

CVSS 4.3 | AI score 7.1 | EPSS 0.00346
Exploits: 0 | Affected software: 1
Fortinet
added 2023/02/16 12:00 a.m., 45 views

FortiWeb - Unauthorized Configuration Download Vulnerability

An unauthorized configuration download vulnerability CWE-285 in FortiWeb may allow a local attacker to access confidential configuration files via a crafted HTTP request...

CVSS 1.7 | AI score 4.3 | EPSS 0.00163
Exploits: 0 | Affected software: 1
Fortinet
added 2022/11/01 12:00 a.m., 45 views

FortiADC - Persistent XSS in Log pages

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiADC may allow a remote unauthenticated attacker to perform a stored cross-site scripting (XSS) attack via HTTP fields observed in the traffic and event log views...

CVSS 5.8 | AI score 5.9 | EPSS 0.01716
Exploits: 1 | Affected software: 1
Fortinet
added 2022/11/01 12:00 a.m., 45 views

FortiTester - Command injection in CLI command

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

CVSS 4.3 | AI score 7.7 | EPSS 0.00427
Exploits: 0 | Affected software: 1
Fortinet
added 2022/07/05 12:00 a.m., 45 views

Protect

An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS may allow an unauthenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the captive portal authentication replacement page...

CVSS 5.8 | AI score 6.1 | EPSS 0.00533
Exploits: 0 | Affected software: 1
Fortinet
added 2022/05/03 12:00 a.m., 45 views

FortiIsolator - Unauthorized user able to regenerate CA certificate

An improper access control vulnerability CWE-284 in FortiIsolator may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...

CVSS 6.5 | AI score 5.3 | EPSS 0.00565
Exploits: 0 | Affected software: 1
Fortinet
added 2021/08/03 12:00 a.m., 45 views

FortiPortal - Authentication bypass and remote code execution as root

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password...

CVSS 10 | AI score 9.3 | EPSS 0.03333
Exploits: 0 | Affected software: 1
Fortinet
added 2021/06/01 12:00 a.m., 45 views

Protect

An improper following of a certificate's chain of trust vulnerability in FortiGate SSL-VPN may allow an LDAP user to connect to VPN with any certificate that is signed by a trusted Certificate Authority...

CVSS 7.5 | AI score 6.8 | EPSS 0.0048
Exploits: 0 | Affected software: 1
Fortinet
added 2020/04/27 12:00 a.m., 45 views

Authentication bypass in FortiMail and FortiVoiceEnterprise

An improper authentication vulnerability in FortiMail and FortiVoiceEnterprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...

CVSS 7.5 | AI score 5.7 | EPSS 0.77778
Exploits: 2 | Affected software: 2
Fortinet
added 2020/01/27 12:00 a.m., 45 views

Privilege escalation and DoS in FortiClient for Linux through local IPC socket

A privilege escalation vulnerability in FortiClient for Linux may allow a user with low privileges to run system commands as root, overwrite system files or cause FortiClient processes to crash by injecting specially crafted client requests into the IPC socket of the FortiClient process...

CVSS 7.2 | AI score 4.2 | EPSS 0.01448
Exploits: 4 | Affected software: 1
Fortinet
added 2017/10/24 12:00 a.m., 45 views

Apache Tomcat vulnerabilities

Multiple Remote Code Execution (RCE) vulnerabilities, CVE-2017-12615 and CVE-2017-12617, affect Apache Tomcat...

CVSS 6.8 | AI score 3.1 | EPSS 0.99988
Exploits: 36
Fortinet
added 2016/08/17 12:00 a.m., 45 views

Cookie Parser Buffer Overflow Vulnerability

FortiGate FortiOS: 4.3.8 and below, 4.2.12 and below, 4.1.10 and below...

CVSS 10 | AI score 4.3 | EPSS 0.49856
Exploits: 2
Fortinet
added 2014/05/02 12:00 a.m., 45 views

FortiWeb Cross-Site Request Forgery Vulnerability

...

CVSS 6.8 | AI score 6.3 | EPSS 0.01179
Exploits: 1
Fortinet
added 2023/06/23 12:00 a.m., 44 views

FortiNAC - Java untrusted object deserialization RCE

A deserialization of untrusted data vulnerability CWE-502 in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service...

AI score 7.6 | EPSS 0.24296
Exploits: 0 | Affected software: 1
Fortinet
added 2023/06/12 12:00 a.m., 44 views

FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder

An incorrect default permissions CWE-276 vulnerability in FortiClient Windows and FortiConverter Windows may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder...

CVSS 1.7 | AI score 6.5 | EPSS 0.0022
Exploits: 0 | Affected software: 2
Fortinet
added 2022/12/06 12:00 a.m., 44 views

FortiADC - SQL injection vulnerability in configuration backup feature

An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 6.5 | AI score 9 | EPSS 0.00732
Exploits: 0 | Affected software: 1
Fortinet
added 2021/03/02 12:00 a.m., 44 views

FortiProxy SSL VPN user credential plaintext storage

...

CVSS 5 | AI score 7.3 | EPSS 0.00994
Exploits: 0 | Affected software: 1
Fortinet
added 2018/05/16 12:00 a.m., 44 views

FortiOS SSL Deep-Inspection Proxy Mode badssl.com Compliance

US-CERT published a document at which outlines some security flaws that may be introduced by the use of SSL Deep-Inspection...

CVSS 4.3 | AI score 6.1 | EPSS 0.00938
Exploits: 0 | Affected software: 1
Fortinet
added 2015/07/24 12:00 a.m., 44 views

ZebOS routing remote shell service enabled

...

CVSS 9.3 | AI score 6.4 | EPSS 0.03401
Exploits: 0
Total number of security vulnerabilities: 649