649 matches found
FortiClient - installer DLL Hijacking Vulnerability
Multiple unsafe search path vulnerabilities in FortiClient online installers may allow an attacker with control over the directory in which the installers reside to execute arbitrary code on the system via uploading malicious .dll files in that directory...
OpenSSL Security Advisory [26 Jan 2017]
The OpenSSL project released an advisory on Jan 26th, 2017, describing 3 Moderate, 1 Low severity vulnerabilities, as listed below:Â...
Multiple CSRF Vulnerabilities in FortiGate
...
Protect
An out-of-bounds write vulnerability CWE-787 in Command Line Interface of FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands...
FortiAuthenticator - XSS vulnerability in OWA login page
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAuthenticator OWA Agent may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...
FortiAP-U - Relative path traversal vulnerability in CLI
A path traversal vulnerability CWE-22 in FortiAP-U CLI may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...
OpenSSL vulnerabilities - June 2015
...
FortiADC - Improper input validation in download features
Multiple improper input validation vulnerabilities CWE-20 may allow an authenticated attacker to retrieve files with specific extensions from the underlying Linux system via crafted HTTP requests...
FortiAnalyzer & FortiManager - improper authorization to template image
An exposure of resource to wrong sphere vulnerability CWE-668 in FortiAnalyzer and FortiManager GUI may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path...
FortiSOAR - Privilege escalation from nginx user to root
An improper privilege management vulnerability CWE-269 in FortiSOAR may allow a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...
FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability
A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network adjacent attacker to perform a...
FortiDeceptor - OS command injection vulnerabilities
Multiple OS command injection vulnerabilities in FortiDeceptor management interface may allow an authenticated user to execute arbitrary commands on the system via specifically crafted web requests...
Protect
Multiple vulnerabilities, referred to as Dragonblood, exist in WiFi WPA3 standard implementation...
Protect
VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image before it is booted up to inject malicious implants in the image...
Protect
An Improper Authorization vulnerability in the SSL VPN web portal may allow an unauthenticated attacker to change the password of an SSL VPN web portal user via specially crafted HTTP requests...
CVE-2014-8730 "Poodle for TLS" vulnerability
All versions of Fortigate VM, FortiOS 5.4 branch, FortiOS 5.6 branch and next releases are not vulnerable...
Protect
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS and FortiProxy GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting...
FortiADC - command injection in web interface
An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiSOAR - Server-Side Template Injection in Playbook component
An improper neutralization of special elements used in a template engine vulnerability CWE-1336 in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
Protect
A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt keytab values in FortiOS & FortiProxy may allow an attacker in possession of the encrypted secret to decipher it...
FortiADC - Unverified password change over the GUI
An unverified password change vulnerability CWE-620 in FortiADC may allow an authenticated attacker to bypass the Old Password check in the password change form for the account the attacker is logged into or for others accounts except admin when the attacker has Read Write access on System via a...
FortiManager - Improper Inter ADOM access control
An improper access control vulnerability CWE-284 in FortiManager may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...
Protect
A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of print str and cmd mem cli commands to, respectively, read and write hexadecimal values to any memory address...
Buffer overflow vulnerability in FortiProxy SSL VPN through a crafted POST request
A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a Denial of Service attack by sending a specifically crafted POST request with a large msg value...
XSS vulnerability in the ESS Profile and Radius Profile of FortiWLC
An improper neutralization of input vulnerability in FortiWLC may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the ESS profile or the Radius Profile...
TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479
CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCPSKBCBskb-tcpgsosegs. A remote attacker could use this to cause a denial of service...
Multiple Products SSH Undocumented Login Vulnerability
...
OpenSSL vulnerabilities - March 2015
...
Protect
A NULL pointer dereference vulnerability CWE-476 in SSL-VPN may allow an authenticated remote attacker to trigger a crash of the SSL-VPN service via crafted requests...
Protect
A cleartext transmission of sensitive information vulnerability CWE-319 in FortiOS & FortiProxy may allow an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands...
FortiNAC - Weak authentication mechanism on device registration page
A weak authentication vulnerability CWE-1390 in FortiNAC device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success...
FortiClientWindows - Arbitrary file creation by unprivileged users
A relative path traversal CWE-23 vulnerability in FortiClientWindows may allow a local low privileged attacker to perform arbitrary file creation on the device filesystem...
FortiWeb - Unauthorized Configuration Download Vulnerability
An unauthorized configuration download vulnerability CWE-285 in FortiWeb may allow a local attacker to access confidential configuration files via a crafted http request...
FortiADC - Persistent XSS in Log pages
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiADC may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via HTTP fields observed in the traffic and event logviews...
FortiTester - Command injection in CLI command
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
Protect
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS may allow an unauthenticated remote attacker to perform a reflected cross site scripting XSS attack in the captive portal authentication replacement page...
FortiIsolator -- Unauthorized user able to regenerate CA certificate
An improper access control vulnerability CWE-284 in FortiIsolator may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...
FortiPortal - Authentication bypass and remote code execution as root
A use of hard-coded credentials CWE-798 vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.Â...
Protect
An improper following of a certificate's chain of trust vulnerability in FortiGate SSL-VPN may allow an LDAP user to connect to VPN with any certificate that is signed by a trusted Certificate Authority...
Authentication bypass in FortiMail and FortiVoiceEntreprise
An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...
Privilege escalation and DoS in FortiClient for Linux through local IPC socket
A privilege escalation vulnerability in FortiClient for Linux may allow a user with low privilege to run root system commands, overwrite system files or cause FortiClient processes to crash via injecting specially crafted client requests in the IPC socket of the FortiClient process...
Apache Tomcat vulnerabilities
Multiple Remote Code Execution RCE vulnerabilities CVE-2017-12615, CVE-2017-12617 are affecting Apache Tomcat...
Cookie Parser Buffer Overflow Vulnerability
FortiGate FortiOS: 4.3.8 and below 4.2.12 and below 4.1.10 and below...
FortiWeb Cross-Site Request Forgery Vulnerability
...
FortiNAC - java untrusted object deserialization RCE
A deserialization of untrusted data vulnerability CWE-502 in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service...
FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder
An incorrect default permissions CWE-276 vulnerability in FortiClient Windows and FortiConverter Windows may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConvreter is installed in an insecure folder...
FortiADC - SQL injection vulnerability in configuration backup feature
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiProxy SSL VPN user credential plaintext storage
...
FortiOS SSL Deep-Inspection Proxy Mode badssl.com Compliance
US-Cert published a document at which outlines some security flaws that may be introduced by the use of SSL Deep-Inspection.Â...
ZebOS routing remote shell service enabled
...