Fortinet, sorted by most viewed

649 matches found

Fortinet, added 2022/11/01 12:00 a.m., 45 views

FortiEDR CollectorWindows - protection bypass by killing the process with special tools

An improper control of a resource through its lifetime vulnerability CWE-664 in FortiEDR CollectorWindows may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...

CVSS 1.7 | AI score 5.7 | EPSS 0.00174 | Exploits 0 | Affected software 1

Fortinet, added 2022/05/03 12:00 a.m., 45 views

FortiIsolator -- Unauthorized user able to regenerate CA certificate

An improper access control vulnerability CWE-284 in FortiIsolator may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...

CVSS 6.5 | AI score 5.3 | EPSS 0.00565 | Exploits 0 | Affected software 1

Fortinet, added 2021/09/07 12:00 a.m., 45 views

Protect

A cleartext storage in a file or on disk CWE-313 vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system...

CVSS 5 | AI score 7.1 | EPSS 0.00994 | Exploits 0 | Affected software 1

Fortinet, added 2021/08/03 12:00 a.m., 45 views

FortiPortal - Authentication bypass and remote code execution as root

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password...

CVSS 10 | AI score 9.3 | EPSS 0.03333 | Exploits 0 | Affected software 1

Fortinet, added 2021/06/01 12:00 a.m., 45 views

Protect

An improper following of a certificate's chain of trust vulnerability in FortiGate SSL-VPN may allow an LDAP user to connect to VPN with any certificate that is signed by a trusted Certificate Authority...

CVSS 7.5 | AI score 6.8 | EPSS 0.0048 | Exploits 0 | Affected software 1

Fortinet, added 2020/01/13 12:00 a.m., 45 views

FortiSIEM Database hard-coded Credentials

A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database via the use of static credentials...

CVSS 7.5 | AI score 5.6 | EPSS 0.0115 | Exploits 0 | Affected software 1

Fortinet, added 2019/04/23 12:00 a.m., 45 views

FortiManager Unencrypted Password Vulnerability

A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses...

CVSS 4.3 | AI score 4 | EPSS 0.00863 | Exploits 0 | Affected software 1

Fortinet, added 2019/03/29 12:00 a.m., 45 views

FortiSIEM LDAP server password reflected in admin portal

An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist XSS, social engineering, pro...

CVSS 4 | AI score 1.5 | EPSS 0.01286 | Exploits 0 | Affected software 1

Fortinet, added 2017/10/24 12:00 a.m., 45 views

Apache Tomcat vulnerabilities

Multiple Remote Code Execution RCE vulnerabilities CVE-2017-12615, CVE-2017-12617 are affecting Apache Tomcat...

CVSS 6.8 | AI score 3.1 | EPSS 0.99988 | Exploits 37

Fortinet, added 2016/08/17 12:00 a.m., 45 views

Cookie Parser Buffer Overflow Vulnerability

FortiGate FortiOS: 4.3.8 and below 4.2.12 and below 4.1.10 and below...

CVSS 10 | AI score 4.3 | EPSS 0.49856 | Exploits 2

Fortinet, added 2022/12/06 12:00 a.m., 44 views

FortiADC - SQL injection vulnerability in configuration backup feature

An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 6.5 | AI score 9 | EPSS 0.00732 | Exploits 0 | Affected software 1

Fortinet, added 2021/12/07 12:00 a.m., 44 views

FortiWeb - Multiple command injection vulnerabilities

Multiple command injection vulnerabilities CWE-78 in the command line interpreter of FortiWeb may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments...

CVSS 9 | AI score 9.4 | EPSS 0.01077 | Exploits 0 | Affected software 1

Fortinet, added 2021/04/06 12:00 a.m., 44 views

FortiProxy - HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability

...

CVSS 4 | AI score 6.3 | EPSS 0.01566 | Exploits 0 | Affected software 1

Fortinet, added 2020/01/03 12:00 a.m., 44 views

Protect

A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP requests, the SSL-VPN web portal may respond with a redirection to websites specified by the attacker...

CVSS 5.8 | AI score 6.1 | EPSS 0.01072 | Exploits 0 | Affected software 1

Fortinet, added 2019/10/29 12:00 a.m., 44 views

Command injection vulnerability in FortiClient for Mac OS

An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...

CVSS 7.2 | AI score 4.2 | EPSS 0.00436 | Exploits 0 | Affected software 1

Fortinet, added 2018/11/16 12:00 a.m., 44 views

Serial number disclosure in the FortiOS PPTP server hostname protocol field

FortiGate PPTP service reveals the serial number of the FortiGate in the hostname field defined in connection control setup packets of the PPTP protocol...

CVSS 5 | AI score 1.1 | EPSS 0.0087 | Exploits 0 | Affected software 1

Fortinet, added 2015/09/24 12:00 a.m., 44 views

Multiple XSS vulnerabilities in FortiManager GUI

...

CVSS 4.3 | AI score 6.4 | EPSS 0.02775 | Exploits 1

Fortinet, added 2023/05/03 12:00 a.m., 43 views

FortiADC - Command injection in external resource module

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

CVSS 4.3 | AI score 7.7 | EPSS 0.00498 | Exploits 0 | Affected software 1

Fortinet, added 2023/03/07 12:00 a.m., 43 views

FortiNAC - Multiple Reflected XSS

An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiNAC may allow an authenticated user to perform an XSS attack via crafted HTTP requests...

CVSS 4.9 | AI score 5.3 | EPSS 0.00514 | Exploits 0 | Affected software 1

Fortinet, added 2023/02/16 12:00 a.m., 43 views

FortiWeb - format string vulnerability in the CLI

A format string vulnerability CWE-134 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...

CVSS 4.3 | AI score 7.7 | EPSS 0.00249 | Exploits 0 | Affected software 1

Fortinet, added 2022/07/05 12:00 a.m., 43 views

FortiClient (Windows) - Privilege Escalation via directory traversal attack

A relative path traversal vulnerability CWE-23 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service...

AI score 5.9 | EPSS 0.00495 | Exploits 0 | Affected software 1

Fortinet, added 2022/04/05 12:00 a.m., 43 views

FortiWAN - Stored Cross-site scripting in log viewer

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiWAN may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests...

CVSS 4.3 | AI score 5.7 | EPSS 0.00682 | Exploits 0 | Affected software 1

Fortinet, added 2022/04/05 12:00 a.m., 43 views

FortiWAN - Improper cryptographic operations in Dynamic Tunnel Protocol

A use of a broken or risky cryptographic algorithm vulnerability CWE-327 in the Dynamic Tunnel Protocol of FortiWAN may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages...

CVSS 6.4 | AI score 6.5 | EPSS 0.00549 | Exploits 0 | Affected software 1

Fortinet, added 2021/12/07 12:00 a.m., 43 views

FortiWeb - Open redirect due to missing domain whitelisting

A URL redirection to untrusted site 'Open Redirect' CWE-601 in FortiWeb may allow an authenticated attacker to use the device as proxy to reach any protected host via crafted HTTP requests...

CVSS 4.9 | AI score 5.4 | EPSS 0.00506 | Exploits 0 | Affected software 1

Fortinet, added 2021/11/02 12:00 a.m., 43 views

FortiPortal - Improper thread synchronization for database operations

A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' CWE-362 in the customer database interface of FortiPortal may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...

CVSS 3.5 | AI score 5 | EPSS 0.00436 | Exploits 0 | Affected software 1

Fortinet, added 2021/08/03 12:00 a.m., 43 views

FortiSandbox - Unauthorized user able to download the device configuration file.

An improper access control vulnerability CWE-284 in FortiSandbox may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL...

CVSS 4 | AI score 5.2 | EPSS 0.00646 | Exploits 0 | Affected software 1

Fortinet, added 2021/08/03 12:00 a.m., 43 views

Protect

A buffer underwrite CWE-124 vulnerability in the firmware verification routine of FortiWeb, FortiOS, FortiSwitch, FortiADC, FortiAI, FortiManager, FortiAnalyzer, FortiProxy may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted...

CVSS 5.8 | AI score 8.8 | EPSS 0.00761 | Exploits 0 | Affected software 11

Fortinet, added 2021/07/07 12:00 a.m., 43 views

Command Injection in FSA sniffer module

An instance of improper neutralization of special elements in FortiSandbox's sniffer module may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...

CVSS 9 | AI score 7.2 | EPSS 0.0141 | Exploits 0 | Affected software 1

Fortinet, added 2021/07/07 12:00 a.m., 43 views

FortiMail - OS Command injection

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiMail's administrative interface may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests...

CVSS 6.5 | AI score 8.6 | EPSS 0.01155 | Exploits 0 | Affected software 1

Fortinet, added 2021/07/07 12:00 a.m., 43 views

FortiMail - Unauthenticated encryption in IBE leads to email plaintext recovery

A missing cryptographic step in FortiMail IBE may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible...

CVSS 5 | AI score 7.3 | EPSS 0.00342 | Exploits 0 | Affected software 1

Fortinet, added 2021/06/01 12:00 a.m., 43 views

Protect

Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting XSS attack by sending a request to the error page with malicious GET parameters...

CVSS 4.3 | AI score 5.9 | EPSS 0.01061 | Exploits 0 | Affected software 2

Fortinet, added 2021/04/27 12:00 a.m., 43 views

Authentication bypass in FortiWAN

A relative path traversal vulnerability CWE-23 in FortiWAN may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value...

AI score 5.1 | EPSS 0.16364 | Exploits 0 | Affected software 2

Fortinet, added 2020/09/18 12:00 a.m., 43 views

XSS vulnerability in FortiManager and FortiAnalyzer

...

CVSS 4.3 | AI score 6.3 | EPSS 0.00801 | Exploits 0 | Affected software 2

Fortinet, added 2019/10/18 12:00 a.m., 43 views

FortiClient Windows Service or Process Tampering

FortiClient for Windows could be subject to the following shut down or tampering attempts:...

CVSS 4.4 | AI score 2.6 | EPSS 0.00511 | Exploits 0 | Affected software 1

Fortinet, added 2019/01/11 12:00 a.m., 43 views

Protect

There is a format string vulnerability in the SSH username handling when connecting to FortiOS 5.6.0, that may lead to memory corruption...

CVSS 7.5 | AI score 8.8 | EPSS 0.01191 | Exploits 0 | Affected software 1

Fortinet, added 2017/07/26 12:00 a.m., 43 views

LibGD security advisory [18 January 2017]

The LibGD project released advisories on January 18th, 2017, July 22nd, 2016 and June 25th, 2016 describing 12 vulnerabilities, as listed below:...

CVSS 7.5 | AI score 7.6 | EPSS 0.10687 | Exploits 2 | Affected software 4

Fortinet, added 2016/03/16 12:00 a.m., 43 views

DHCP Hostname HTML Injection

...

CVSS 4.3 | AI score 6.4 | EPSS 0.01184 | Exploits 0

Fortinet, added 2023/06/12 12:00 a.m., 42 views

Protect

A relative path traversal vulnerability CWE-23 in FortiOS, FortiProxy & FortiSwitchManager administrative interface may allow a privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests...

CVSS 3.3 | AI score 4.7 | EPSS 0.00642 | Exploits 0 | Affected software 3

Fortinet, added 2023/02/16 12:00 a.m., 42 views

FortiWAN - Command injection vulnerability

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiWAN may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

CVSS 6.5 | AI score 8.6 | EPSS 0.01284 | Exploits 0 | Affected software 1

Fortinet, added 2023/02/16 12:00 a.m., 42 views

FortiNAC - Multiple XML external entity (XXE) injection

An improper restriction of XML external entity reference vulnerability CWE-611 in the parser of XML requests of FortiNAC may allow an unauthenticated attacker to trigger a denial of service or read arbitrary files from the underlying file system via specifically crafted XML documents...

CVSS 6.4 | AI score 8.8 | EPSS 0.00548 | Exploits 0 | Affected software 1

Fortinet, added 2022/07/05 12:00 a.m., 42 views

Protect

A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS and FortiProxy may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...

CVSS 4 | AI score 7.2 | EPSS 0.00198 | Exploits 0 | Affected software 2

Fortinet, added 2022/05/03 12:00 a.m., 42 views

FortiSOAR - Improper access control on gateway API

An improper access control vulnerability CWE-284 in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests...

CVSS 5 | AI score 7.4 | EPSS 0.01206 | Exploits 0 | Affected software 1

Fortinet, added 2022/04/05 12:00 a.m., 42 views

FortiWAN - Pervasive OS command injection

Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in FortiWAN Web GUI may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...

CVSS 9 | AI score 9.1 | EPSS 0.01456 | Exploits 0 | Affected software 1

Fortinet, added 2022/04/05 12:00 a.m., 42 views

FortiEDR - Hardcoded AES key enable disabling local Collector

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 4.6 | AI score 7.1 | EPSS 0.0019 | Exploits 0 | Affected software 1

Fortinet, added 2021/12/07 12:00 a.m., 42 views

FortiWeb - Unauthorized user is granted access to the Reports available in the Log & Report section

An improper access control vulnerability CWE-284 in the Report Browse section of FortiWeb's Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs...

CVSS 5 | AI score 2.9 | EPSS 0.00941 | Exploits 0 | Affected software 1

Fortinet, added 2021/10/05 12:00 a.m., 42 views

FortiSandbox - Buffer overflow due to use of size of source buffer in libc safe functions

A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...

AI score 7.3 | EPSS 0.0047 | Exploits 0 | Affected software 1

Fortinet, added 2021/07/07 12:00 a.m., 42 views

FSSO Windows DC Agent [FSSO] Insecure communication between DC agent and Collector

An improper authentication vulnerability CWE-287 in FSSO Collector may allow an unauthenticated user to bypass any firewall authentication rule and access the protected network via sending specifically crafted UDP login notification packets...

CVSS 5.8 | AI score 9.1 | EPSS 0.01031 | Exploits 0 | Affected software 2

Fortinet, added 2021/03/02 12:00 a.m., 42 views

FortiProxy multiple pre-auth XSS vulnerabilities on SSL VPN

An Improper Neutralization of Input During Web Page Generation in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a reflected Cross Site Scripting attack XSS by injecting malicious payload in the error, message or redir parameters...

CVSS 4.3 | AI score 5.8 | EPSS 0.62474 | Exploits 0 | Affected software 1

Fortinet, added 2018/11/21 12:00 a.m., 42 views

CVE-2018-10933 libssh authentication bypass

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully...

CVSS 6.4 | AI score 5.1 | EPSS 0.91789 | Exploits 10

Fortinet, added 2017/07/28 12:00 a.m., 42 views

FortiOS XSS vulnerabilities via FortiView Application filter, FortiToken activation & SSL VPN Replacement Messages

Three XSS vulnerabilities...

CVSS 4.3 | AI score 2.7 | EPSS 0.08869 | Exploits 6 | Affected software 1

Total number of security vulnerabilities: 649