FortiAnalyzer & FortiManager - OS command injection vulnerability in CLI
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiAnalyzer & FortiManager may allow an authenticated attacker to execute arbitrary shell code as root user via diagnose system CLI commands...
FortiMail - reflected cross-site scripting vulnerability in FortiGuard URI protection
An improper neutralization of input during web page generation vulnerability 'Cross-site Scripting' CWE-79 in FortiMail may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the FortiGuard URI protection service...
Protect
A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of print str and cmd mem cli commands to, respectively, read and write hexadecimal values to any memory address...
Buffer overflow vulnerability in FortiProxy SSL VPN through a crafted POST request
A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a Denial of Service attack by sending a specifically crafted POST request with a large msg value...
Authentication bypass in FortiMail and FortiVoiceEnterprise
An improper authentication vulnerability in FortiMail and FortiVoiceEnterprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...
TCP SACK panic attack - Linux Kernel Vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479
CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCP_SKB_CB(skb)->tcp_gso_segs. A remote attacker could use this to cause a denial of service...
Protect
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS and FortiProxy may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request...
FortiOS IKE VendorID version information disclosure
The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number...
OpenSSL vulnerabilities - March 2015
...
FortiClientWindows - Arbitrary file creation by unprivileged users
A relative path traversal CWE-23 vulnerability in FortiClientWindows may allow a local low privileged attacker to perform arbitrary file creation on the device filesystem...
FortiAnalyzer - Improper input validation in custom dataset
An improper input validation vulnerability CWE-20 in FortiAnalyzer may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
FortiWeb - Unauthorized Configuration Download Vulnerability
An unauthorized configuration download vulnerability CWE-285 in FortiWeb may allow a local attacker to access confidential configuration files via a crafted http request...
FortiWeb - Multiple Stack based buffer overflow in web interface
Multiple buffer overflow CWE-121 vulnerabilities in the web server of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted HTTP requests...
FortiWeb - Buffer overflow in execute backup-local command
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename and execute backup-local show operations...
FortiADC - Persistent XSS in Log pages
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiADC may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via HTTP fields observed in the traffic and event logviews...
FortiTester - Command injection in CLI command
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
Protect
A key management error vulnerability CWE-320 affecting the RSA SSH host key in FortiOS may allow an unauthenticated attacker to perform a man in the middle attack...
FortiIsolator -- Unauthorized user able to regenerate CA certificate
An improper access control vulnerability CWE-284 in FortiIsolator may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...
FortiExtender - Arbitrary command execution because of missing CLI input sanitization
An improper neutralization of special elements used in a command vulnerability 'Command Injection' CWE-77 in FortiExtender may allow an authenticated user to raise its privileges to admin user via crafted arguments of the execute CLI command...
FortiPortal - Authentication bypass and remote code execution as root
A use of hard-coded credentials CWE-798 vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password...
Protect
An improper following of a certificate's chain of trust vulnerability in FortiGate SSL-VPN may allow an LDAP user to connect to VPN with any certificate that is signed by a trusted Certificate Authority...
Protect
An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause web service portal denial of service DoS via handling special crafted HTTP requests/responses in pieces slowly. Slow HTTP attacks are denial-of-service DoS attacks in which the attacker sends HT...
Protect
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaintext private keys of system's builtin local certificates via unsetting the keys encryption password or for user uploaded local certificates via setting an empty password. Note that backed up...
FortiSIEM external authentication password reflected in external authentication profile
An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should...
The ROBOT Attack - Return of Bleichenbacher's Oracle Threat
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key...
FortiOS SSL Deep-Inspection Proxy Mode badssl.com Compliance
US-Cert published a document at which outlines some security flaws that may be introduced by the use of SSL Deep-Inspection...
Apache Tomcat vulnerabilities
Multiple Remote Code Execution RCE vulnerabilities CVE-2017-12615, CVE-2017-12617 are affecting Apache Tomcat...
Cookie Parser Buffer Overflow Vulnerability
FortiGate FortiOS: 4.3.8 and below 4.2.12 and below 4.1.10 and below...
FortiWeb Cross-Site Scripting Vulnerability
...
Protect
An improper authorization vulnerability CWE-285 in FortiOS's WEB UI component may allow an authenticated attacker belonging to the prof-admin profile to perform elevated actions...
FortiSandbox / FortiDeceptor - Improper profile-based access control over APIs
An improper privilege management vulnerability CWE-269 in FortiSandbox & FortiDeceptor may allow a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests...
FortiADC - SQL injection vulnerability in configuration backup feature
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiToken Mobile (Android) - Deny request approved from External push notification
An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user...
Protect
A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP requests, the SSL-VPN web portal may respond with a redirection to websites specified by the attacker...
Command injection vulnerability in FortiClient for Mac OS
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...
FortiManager Unencrypted Password Vulnerability
A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses...
FortiADC - Command injection in external resource module
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiNAC - Multiple Reflected XSS
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiNAC may allow an authenticated user to perform an XSS attack via crafted HTTP requests...
FortiNAC - Unauthenticated access to administrative operations
An improper authorization vulnerability CWE-285 in FortiNAC may allow an unauthenticated attacker to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...
FortiManager & FortiAnalyzer - Privilege escalation vulnerability
A privilege chaining vulnerability CWE-268 in FortiManager and FortiAnalyzer may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system...
FortiWAN - Improper cryptographic operations in Dynamic Tunnel Protocol
A use of a broken or risky cryptographic algorithm vulnerability CWE-327 in the Dynamic Tunnel Protocol of FortiWAN may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages...
FortiWeb - Multiple command injection vulnerabilities
Multiple command injection vulnerabilities CWE-78 in the command line interpreter of FortiWeb may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments...
Command Injection in FSA sniffer module
An instance of improper neutralization of special elements in FortiSandbox's sniffer module may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...
FortiMail - OS Command injection
An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiMail's administrative interface may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests...
XSS vulnerability in FortiManager and FortiAnalyzer
...
XSS vulnerability in FortiAuthenticator OWA Agent
FortiAuthenticator Agent for Outlook Web Access v1.5 and below...
FortiExtender OS command injection through execute date CLI command
An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands...
FortiClient Windows Service or Process Tampering
FortiClient for Windows could be subject to the following shut down or tampering attempts:...
DHCP Hostname HTML Injection
...
Protect
A NULL pointer dereference vulnerability CWE-476 in FortiOS may allow a remote unauthenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests...