Fortinet - most viewed

649 matches found

Fortinet • added 2022/07/05 12:00 a.m. • 46 views

FortiAnalyzer & FortiManager - OS command injection vulnerability in CLI

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiAnalyzer & FortiManager may allow an authenticated attacker to execute arbitrary shell code as root user via "diagnose system" CLI commands...

CVSS 5.8 • AI score 7.5 • EPSS 0.02116
Exploits: 0 • Affected software: 2

Fortinet • added 2022/02/01 12:00 a.m. • 46 views

FortiMail - reflected cross-site scripting vulnerability in FortiGuard URI protection

An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in FortiMail may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the FortiGuard URI protection service...

CVSS 4.3 • AI score 1.4 • EPSS 0.12936
Exploits: 5 • Affected software: 1

Fortinet • added 2021/09/07 12:00 a.m. • 46 views

A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of "print str" and "cmd mem" CLI commands to, respectively, read and write hexadecimal values to any memory address...

CVSS 6.6 • AI score 6.2 • EPSS 0.0025
Exploits: 0 • Affected software: 1

Fortinet • added 2021/02/03 12:00 a.m. • 46 views

Buffer overflow vulnerability in FortiProxy SSL VPN through a crafted POST request

A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a Denial of Service attack by sending a specifically crafted POST request with a large "msg" value...

CVSS 5 • AI score 7.5 • EPSS 0.01753
Exploits: 0 • Affected software: 1

Fortinet • added 2020/04/27 12:00 a.m. • 46 views

Authentication bypass in FortiMail and FortiVoiceEntreprise

An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...

CVSS 7.5 • AI score 5.7 • EPSS 0.77778
Exploits: 2 • Affected software: 2

Fortinet • added 2019/11/29 12:00 a.m. • 46 views

TCP SACK panic attack - Linux kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCP_SKB_CB(skb)->tcp_gso_segs. A remote attacker could use this to cause a denial of service...

CVSS 7.8 • AI score 7.7 • EPSS 0.98745
Exploits: 4 • Affected software: 18

Fortinet • added 2019/11/08 12:00 a.m. • 46 views

An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS and FortiProxy may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request...

CVSS 5 • AI score 7.3 • EPSS 0.01262
Exploits: 0 • Affected software: 2

Fortinet • added 2017/08/11 12:00 a.m. • 46 views

FortiOS IKE VendorID version information disclosure

The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number...

CVSS 5 • AI score 2.1 • EPSS 0.01449
Exploits: 0 • Affected software: 1

Fortinet • added 2015/03/24 12:00 a.m. • 46 views

OpenSSL vulnerabilities - March 2015

...

CVSS 7.5 • AI score 6.6 • EPSS 0.44503
Exploits: 1

Fortinet • added 2023/04/11 12:00 a.m. • 45 views

FortiClientWindows - Arbitrary file creation by unprivileged users

A relative path traversal [CWE-23] vulnerability in FortiClientWindows may allow a local low-privileged attacker to perform arbitrary file creation on the device filesystem...

CVSS 4.3 • AI score 7.1 • EPSS 0.00346
Exploits: 0 • Affected software: 1

Fortinet • added 2023/04/11 12:00 a.m. • 45 views

FortiAnalyzer - Improper input validation in custom dataset

An improper input validation vulnerability [CWE-20] in FortiAnalyzer may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...

CVSS 1.7 • AI score 6 • EPSS 0.00187
Exploits: 0 • Affected software: 1

Fortinet • added 2023/02/16 12:00 a.m. • 45 views

FortiWeb - Unauthorized Configuration Download Vulnerability

An unauthorized configuration download vulnerability [CWE-285] in FortiWeb may allow a local attacker to access confidential configuration files via a crafted HTTP request...

CVSS 1.7 • AI score 4.3 • EPSS 0.00163
Exploits: 0 • Affected software: 1

Fortinet • added 2023/02/16 12:00 a.m. • 45 views

FortiWeb - Multiple Stack based buffer overflow in web interface

Multiple buffer overflow vulnerabilities [CWE-121] in the web server of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted HTTP requests...

CVSS 6.5 • AI score 9.2 • EPSS 0.00792
Exploits: 0 • Affected software: 1

Fortinet • added 2023/02/16 12:00 a.m. • 45 views

FortiWeb - Buffer overflow in execute backup-local command

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI "execute backup-local rename" and "execute backup-local show" operations...

CVSS 5.8 • AI score 7.6 • EPSS 0.00941
Exploits: 0 • Affected software: 1

Fortinet • added 2022/11/01 12:00 a.m. • 45 views

FortiADC - Persistent XSS in Log pages

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC may allow a remote unauthenticated attacker to perform a stored cross-site scripting (XSS) attack via HTTP fields observed in the traffic and event log views...

CVSS 5.8 • AI score 5.9 • EPSS 0.01716
Exploits: 1 • Affected software: 1

Fortinet • added 2022/11/01 12:00 a.m. • 45 views

FortiTester - Command injection in CLI command

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

CVSS 4.3 • AI score 7.7 • EPSS 0.00427
Exploits: 0 • Affected software: 1

Fortinet • added 2022/11/01 12:00 a.m. • 45 views

A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS may allow an unauthenticated attacker to perform a man-in-the-middle attack...

CVSS 5.1 • AI score 7.8 • EPSS 0.00443
Exploits: 0 • Affected software: 2

Fortinet • added 2022/05/03 12:00 a.m. • 45 views

FortiIsolator - Unauthorized user able to regenerate CA certificate

An improper access control vulnerability [CWE-284] in FortiIsolator may allow an authenticated, non-privileged attacker to regenerate the CA certificate via the regeneration URL...

CVSS 6.5 • AI score 5.3 • EPSS 0.00565
Exploits: 0 • Affected software: 1

Fortinet • added 2022/02/01 12:00 a.m. • 45 views

FortiExtender - Arbitrary command execution because of missing CLI input sanitization

An improper neutralization of special elements used in a command vulnerability ('Command Injection') [CWE-77] in FortiExtender may allow an authenticated user to raise its privileges to admin user via crafted arguments of the "execute" CLI command...

CVSS 9 • AI score 5.9 • EPSS 0.01055
Exploits: 0 • Affected software: 1

Fortinet • added 2021/08/03 12:00 a.m. • 45 views

FortiPortal - Authentication bypass and remote code execution as root

A use of hard-coded credentials vulnerability [CWE-798] in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password...

CVSS 10 • AI score 9.3 • EPSS 0.03333
Exploits: 0 • Affected software: 1

Fortinet • added 2021/06/01 12:00 a.m. • 45 views

An improper following of a certificate's chain of trust vulnerability in FortiGate SSL-VPN may allow an LDAP user to connect to VPN with any certificate that is signed by a trusted Certificate Authority...

CVSS 7.5 • AI score 6.8 • EPSS 0.0048
Exploits: 0 • Affected software: 1

Fortinet • added 2020/02/03 12:00 a.m. • 45 views

An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause web service portal denial of service (DoS) by sending specially crafted HTTP requests/responses in pieces, slowly. Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HT...

CVSS 5 • AI score 7.4 • EPSS 0.02385
Exploits: 0 • Affected software: 9

Fortinet • added 2019/11/14 12:00 a.m. • 45 views

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaintext private keys of the system's built-in local certificates via unsetting the keys' encryption password, or of user-uploaded local certificates via setting an empty password. Note that backed up...

CVSS 2.1 • AI score 5.3 • EPSS 0.00189
Exploits: 0 • Affected software: 2

Fortinet • added 2019/10/08 12:00 a.m. • 45 views

FortiSIEM external authentication password reflected in external authentication profile

An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should...

CVSS 4 • AI score 1.5 • EPSS 0.00894
Exploits: 0 • Affected software: 1

Fortinet • added 2018/08/27 12:00 a.m. • 45 views

The ROBOT Attack - Return of Bleichenbacher's Oracle Threat

A plaintext recovery of encrypted messages or a man-in-the-middle (MitM) attack on RSA PKCS#1 v1.5 encryption may be possible without knowledge of the server's private key...

CVSS 4.3 • AI score 4.5 • EPSS 0.01134
Exploits: 0

Fortinet • added 2018/05/16 12:00 a.m. • 45 views

FortiOS SSL Deep-Inspection Proxy Mode badssl.com Compliance

US-CERT published a document at which outlines some security flaws that may be introduced by the use of SSL Deep-Inspection...

CVSS 4.3 • AI score 6.1 • EPSS 0.00938
Exploits: 0 • Affected software: 1

Fortinet • added 2017/10/24 12:00 a.m. • 45 views

Apache Tomcat vulnerabilities

Multiple Remote Code Execution (RCE) vulnerabilities (CVE-2017-12615, CVE-2017-12617) affect Apache Tomcat...

CVSS 6.8 • AI score 3.1 • EPSS 0.99988
Exploits: 37

Fortinet • added 2016/08/17 12:00 a.m. • 45 views

Cookie Parser Buffer Overflow Vulnerability

FortiGate FortiOS: 4.3.8 and below, 4.2.12 and below, 4.1.10 and below...

CVSS 10 • AI score 4.3 • EPSS 0.49856
Exploits: 2

Fortinet • added 2014/02/03 12:00 a.m. • 45 views

FortiWeb Cross-Site Scripting Vulnerability

...

CVSS 4.3 • AI score 6.3 • EPSS 0.02413
Exploits: 1

Fortinet • added 2023/10/10 12:00 a.m. • 44 views

An improper authorization vulnerability [CWE-285] in FortiOS's WEB UI component may allow an authenticated attacker belonging to the prof-admin profile to perform elevated actions...

CVSS 6.5 • AI score 6.7 • EPSS 0.0083
Exploits: 0 • Affected software: 1

Fortinet • added 2023/04/11 12:00 a.m. • 44 views

FortiSandbox / FortiDeceptor - Improper profile-based access control over APIs

An improper privilege management vulnerability [CWE-269] in FortiSandbox & FortiDeceptor may allow a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests...

CVSS 6.5 • AI score 8.1 • EPSS 0.00975
Exploits: 0 • Affected software: 2

Fortinet • added 2022/12/06 12:00 a.m. • 44 views

FortiADC - SQL injection vulnerability in configuration backup feature

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 6.5 • AI score 9 • EPSS 0.00732
Exploits: 0 • Affected software: 1

Fortinet • added 2022/03/01 12:00 a.m. • 44 views

FortiToken Mobile (Android) - Deny request approved from External push notification

An improper access control vulnerability [CWE-284] in FortiToken Mobile Android external push notification may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user...

CVSS 3.5 • AI score 3.2 • EPSS 0.00636
Exploits: 0 • Affected software: 1

Fortinet • added 2020/01/03 12:00 a.m. • 44 views

A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP requests, the SSL-VPN web portal may respond with a redirection to websites specified by the attacker...

CVSS 5.8 • AI score 6.1 • EPSS 0.01072
Exploits: 0 • Affected software: 1

Fortinet • added 2019/10/29 12:00 a.m. • 44 views

Command injection vulnerability in FortiClient for Mac OS

An Improper Neutralization of Special Elements used in a Command vulnerability in one of the root processes of FortiClient for Mac OS may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...

CVSS 7.2 • AI score 4.2 • EPSS 0.00436
Exploits: 0 • Affected software: 1

Fortinet • added 2019/04/23 12:00 a.m. • 44 views

FortiManager Unencrypted Password Vulnerability

A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man-in-the-middle position to retrieve the admin password via intercepting REST API JSON responses...

CVSS 4.3 • AI score 4 • EPSS 0.00863
Exploits: 0 • Affected software: 1

Fortinet • added 2023/05/03 12:00 a.m. • 43 views

FortiADC - Command injection in external resource module

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

CVSS 4.3 • AI score 7.7 • EPSS 0.00498
Exploits: 0 • Affected software: 1

Fortinet • added 2023/03/07 12:00 a.m. • 43 views

FortiNAC - Multiple Reflected XSS

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC may allow an authenticated user to perform an XSS attack via crafted HTTP requests...

CVSS 4.9 • AI score 5.3 • EPSS 0.00514
Exploits: 0 • Affected software: 1

Fortinet • added 2023/02/16 12:00 a.m. • 43 views

FortiNAC - Unauthenticated access to administrative operations

An improper authorization vulnerability [CWE-285] in FortiNAC may allow an unauthenticated attacker to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

CVSS 7.5 • AI score 9 • EPSS 0.01079
Exploits: 0 • Affected software: 1

Fortinet • added 2022/07/05 12:00 a.m. • 43 views

FortiManager & FortiAnalyzer - Privilege escalation vulnerability

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system...

CVSS 4 • AI score 6.4 • EPSS 0.00258
Exploits: 0 • Affected software: 2

Fortinet • added 2022/04/05 12:00 a.m. • 43 views

FortiWAN - Improper cryptographic operations in Dynamic Tunnel Protocol

A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages...

CVSS 6.4 • AI score 6.5 • EPSS 0.00549
Exploits: 0 • Affected software: 1

Fortinet • added 2021/12/07 12:00 a.m. • 43 views

FortiWeb - Multiple command injection vulnerabilities

Multiple command injection vulnerabilities [CWE-78] in the command line interpreter of FortiWeb may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments...

CVSS 9 • AI score 9.4 • EPSS 0.01077
Exploits: 0 • Affected software: 1

Fortinet • added 2021/07/07 12:00 a.m. • 43 views

Command Injection in FSA sniffer module

An instance of improper neutralization of special elements in FortiSandbox's sniffer module may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...

CVSS 9 • AI score 7.2 • EPSS 0.0141
Exploits: 0 • Affected software: 1

Fortinet • added 2021/07/07 12:00 a.m. • 43 views

FortiMail - OS Command injection

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiMail's administrative interface may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests...

CVSS 6.5 • AI score 8.6 • EPSS 0.01155
Exploits: 0 • Affected software: 1

Fortinet • added 2020/09/18 12:00 a.m. • 43 views

XSS vulnerability in FortiManager and FortiAnalyzer

...

CVSS 4.3 • AI score 6.3 • EPSS 0.00801
Exploits: 0 • Affected software: 2

Fortinet • added 2020/01/06 12:00 a.m. • 43 views

XSS vulnerability in FortiAuthenticator OWA Agent

FortiAuthenticator Agent for Outlook Web Access v1.5 and below...

CVSS 4.3 • AI score 3.8 • EPSS 0.00698
Exploits: 0 • Affected software: 1

Fortinet • added 2019/11/01 12:00 a.m. • 43 views

FortiExtender OS command injection through execute date CLI command

An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands...

CVSS 9 • AI score 7.1 • EPSS 0.01907
Exploits: 0 • Affected software: 1

Fortinet • added 2019/10/18 12:00 a.m. • 43 views

FortiClient Windows Service or Process Tampering

FortiClient for Windows could be subject to the following shut down or tampering attempts:...

CVSS 4.4 • AI score 2.6 • EPSS 0.00511
Exploits: 0 • Affected software: 1

Fortinet • added 2016/03/16 12:00 a.m. • 43 views

DHCP Hostname HTML Injection

...

CVSS 4.3 • AI score 6.4 • EPSS 0.01184
Exploits: 0

Fortinet • added 2023/06/12 12:00 a.m. • 42 views

A NULL pointer dereference vulnerability [CWE-476] in FortiOS may allow a remote unauthenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests...

AI score 6.4 • EPSS 0.0261
Exploits: 0 • Affected software: 2

Total number of security vulnerabilities: 649