649 matches found
FortiEDR CollectorWindows - protection bypass by killing the process with special tools
An improper control of a resource through its lifetime vulnerability CWE-664 in FortiEDR CollectorWindows may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...
FortiIsolator -- Unauthorized user able to regenerate CA certificate
An improper access control vulnerability CWE-284 in FortiIsolator may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...
Protect
A cleartext storage in a file or on disk CWE-313 vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system...
FortiPortal - Authentication bypass and remote code execution as root
A use of hard-coded credentials CWE-798 vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.Â...
Protect
An improper following of a certificate's chain of trust vulnerability in FortiGate SSL-VPN may allow an LDAP user to connect to VPN with any certificate that is signed by a trusted Certificate Authority...
FortiSIEM Database hard-coded Credentials
A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database via the use of static credentials...
FortiManager Unencrypted Password Vulnerability
A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses...
FortiSIEM LDAP server password reflected in admin portal
An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist XSS, social engineering, pro...
Apache Tomcat vulnerabilities
Multiple Remote Code Execution RCE vulnerabilities CVE-2017-12615, CVE-2017-12617 are affecting Apache Tomcat...
Cookie Parser Buffer Overflow Vulnerability
FortiGate FortiOS: 4.3.8 and below 4.2.12 and below 4.1.10 and below...
FortiADC - SQL injection vulnerability in configuration backup feature
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiWeb - Multiple command injection vulnerabilities
Multiple command injection vulnerabilities CWE-78 in the command line interpreter of FortiWeb may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments...
FortiProxy - HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability
...
Protect
A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP requests, the SSL-VPN web portal may respond with a redirection to websites specified by the attacker...
Command injection vulnerability in FortiClient for Mac OS
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...
Serial number disclosure in the FortiOS PPTP server hostname protocol field
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol...
Multiple XSS vulnerabilities in FortiManager GUI
...
FortiADC - Command injection in external resource module
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiNAC - Multiple Reflected XSS
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiNAC may allow an authenticated user to perform an XSS attack via crafted HTTP requests...
FortiWeb - format string vulnerability in the CLI
A format string vulnerability CWE-134 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
FortiClient (Windows) - Privilege Escalation via directory traversal attack
A relative path traversal vulnerability CWE-23 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service...
FortiWAN - Stored Cross-site scripting in log viewer
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiWAN may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests...
FortiWAN - Improper cryptographic operations in Dynamic Tunnel Protocol
A use of a broken or risky cryptographic algorithm vulnerability CWE-327 in the Dynamic Tunnel Protocol of FortiWAN may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages...
FortiWeb - Open redirect due to missing domain whitelisting
A URL redirection to untrusted site 'Open Redirect' CWE-601 in FortiWeb may allow an authenticated attacker to use the device as proxy to reach any protected host via crafted HTTP requests...
FortiPortal - Improper thread synchronization for database operations
A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' CWE-362 in the customer database interface of FortiPortal may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...
FortiSandbox - Unauthorized user able to download the device configuration file.
An improper access control vulnerability CWE-284 in FortiSandbox may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL...
Protect
A buffer underwrite CWE-124 vulnerability in the firmware verification routine of FortiWeb, FortiOS, FortiSwitch, FortiADC, FortiAI, FortiManager, FortiAnalyzer, FortiProxy may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted...
Command Injection in FSA sniffer module
An instance of improper neutralization of special elements in FortiSandbox's sniffer module may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...
FortiMail - OS Command injection
An improper neutralization of special elementsused in an OS Command vulnerability CWE-78 in FortiMail's administrative interface may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests...
FortiMail - Unauthenticated encryption in IBE leads to email plaintext recovery
A missing cryptographic step in FortiMail IBE may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible...
Protect
Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting XSS attack by sending a request to the error page with malicious GET parameters...
Authentication bypass in FortiWAN
A relative path traversal vulnerability CWE-23 in FortiWAN may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value...
XSS vulnerability in FortiManager and FortiAnalyzer
...
FortiClient Windows Service or Process Tampering
FortiClient for Windows could be subject to the following shut down or tampering attempts:...
Protect
There is a format string vulnerability in the SSH username handling when connecting to FortiOS 5.6.0, that may lead to memory corruption...
LibGD security advisory [18 January 2017]
The LibGD project released advisories on January 18th, 2017, July 22nd, 2016 and June 25th, 2016 describing 12 vulnerabilities, as listed below:...
DHCP Hostname HTML Injection
...
Protect
A relative path traversal vulnerability CWE-23 in FortiOS, FortiProxy & FortiSwitchManager administrative interface may allow a privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests...
FortiWAN - Command injection vulnerability
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiWAN may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiNAC - Multiple XML external entity (XXE) injection
An improper restriction of XML external entity reference vulnerability CWE-611 in the parser of XML requests of FortiNAC may allow an unauthenticated attacker to trigger a denial of service or read arbitrary files from the underlying file system via specifically crafted XML documents...
Protect
A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS and FortiProxy may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...
FortiSOAR - Improper access control on gateway API
An improper access control vulnerability CWE-284 in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests...
FortiWAN - Pervasive OS command injection
Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in FortiWAN Web GUI may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...
FortiEDR - Hardcoded AES key enable disabling local Collector
A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...
FortiWeb - Unauthorized user is granted access to the Reports available in the Log & Report section
An improper access control vulnerability CWE-284 in the Report Browse section of FortiWeb's Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs...
FortiSandbox - Buffer overflow due to use of size of source buffer in libc safe functions
A stack-based buffer overflow vulnerability CWE-121Â in the profile parser of FortiSandbox may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...
FSSO Windows DC Agent [FSSO] Insecure communication between DC agent and Collector
An improper authentication vulnerability CWE-287 in FSSO Collector may allow an unauthenticated user to bypass any firewall authentication rule and access the protected network via sending specifically crafted UDP login notification packets...
FortiProxy multiple pre-auth XSS vulnerabilities on SSL VPN
An Improper Neutralization of Input During Web Page Generation in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a reflected Cross Site Scripting attack XSS by injecting malicious payload in the error, message or redir parameters...
CVE-2018-10933 libssh authentication bypass
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2MSGUSERAUTHSUCCESS message in place of the SSH2MSGUSERAUTHREQUEST message which the server would expect to initiate authentication, the attacker could successfully...
FortiOS XSS vulnerabilities via FortiView Application filter, FortiToken activation & SSL VPN Replacement Messages
Three XSS vulnerabilities...