Fortinet, sorted by most viewed: 649 matches found

Fortinet | added 2021/01/04 | 38 views

FortiWeb - Stack-Based Buffer Overflow vulnerability

A stack-based buffer overflow CWE-121 vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the content of the stack and potentially execute arbitrary code by sending crafted HTTP requests with large request parameter values...

CVSS 7.5 | AI score 9.8 | EPSS 0.03301 | Exploits: 0 | Affected software: 1

Fortinet | added 2020/02/10 | 38 views

FortiAP system command injection through ifconfig command

A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands...

CVSS 7.2 | AI score 5.1 | EPSS 0.00624 | Exploits: 0 | Affected software: 4

Fortinet | added 2019/10/18 | 38 views

FortiClient Windows Service or Process Tampering

FortiClient for Windows could be subject to the following shut down or tampering attempts:...

CVSS 4.4 | AI score 2.6 | EPSS 0.00511 | Exploits: 0 | Affected software: 1

Fortinet | added 2018/08/27 | 38 views

The ROBOT Attack - Return of Bleichenbacher's Oracle Threat

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS#1 v1.5 encryption may be possible without knowledge of the server's private key...

CVSS 4.3 | AI score 4.5 | EPSS 0.01134 | Exploits: 0

Fortinet | added 2023/06/12 | 37 views

Protect

An improper certificate validation vulnerability CWE-295 in FortiOS and FortiProxy may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server...

CVSS 4 | AI score 5.5 | EPSS 0.00192 | Exploits: 0 | Affected software: 2

Fortinet | added 2023/03/07 | 37 views

FortiAnalyzer -- the log-fetch client request password is shown in clear text in the heartbeat response

An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiAnalyzer may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer...

CVSS 2.1 | AI score 4.5 | EPSS 0.00241 | Exploits: 0 | Affected software: 1
Fortinet | added 2023/02/16 | 37 views

FortiNAC - Multiple Stored and Reflected XSS

Several improper neutralization of input during web page generation vulnerabilities CWE-79 in FortiNAC may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests...

CVSS 4.9 | AI score 5.2 | EPSS 0.00462 | Exploits: 0

Fortinet | added 2023/02/16 | 37 views

FortiWeb - Multiple OS command injection

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities CWE-78 in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...

CVSS 6.5 | AI score 8.9 | EPSS 0.01324 | Exploits: 0 | Affected software: 1

Fortinet | added 2022/11/01 | 37 views

Protect

An improper access control CWE-284 vulnerability in FortiOS may allow a remote authenticated read-only user to modify the interface settings via the API...

CVSS 4 | AI score 4.9 | EPSS 0.22991 | Exploits: 0 | Affected software: 2

Fortinet | added 2022/11/01 | 37 views

FortiDeceptor - Reflected XSS vulnerability on Lure Resources page

An improper neutralization of input during web page generation vulnerability CWE-79 in the FortiDeceptor management interface may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with a specially crafted lure resource ID...

CVSS 4.9 | AI score 5.2 | EPSS 0.00448 | Exploits: 0 | Affected software: 1

Fortinet | added 2022/11/01 | 37 views

FortiADC - Stored XSS vulnerability in external resource page

An improper neutralization of input during web page generation vulnerability CWE-79 in the FortiADC management interface may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address...

CVSS 4.9 | AI score 5.2 | EPSS 0.00448 | Exploits: 0 | Affected software: 1

Fortinet | added 2022/10/10 | 37 views

FortiTester - Unauthenticated command injection

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities CWE-78 in the Console, Telnet, and SSH login components of FortiTester may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell...

CVSS 7.5 | AI score 9.8 | EPSS 0.02501 | Exploits: 0 | Affected software: 1

Fortinet | added 2022/03/01 | 37 views

FortiPortal - Insecure password generation

The use of a cryptographically weak pseudo-random number generator CWE-338 in the password reset feature of FortiPortal may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...

CVSS 6.8 | AI score 8 | EPSS 0.01136 | Exploits: 0 | Affected software: 1
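The weak-PRNG class of bug in the FortiPortal entry above (CWE-338) is easiest to see side by side. The Python below is an added example written for this page, not FortiPortal's code and not a description of its internals: `weak_generate` stands in for a reset routine that seeds Python's Mersenne Twister from a clock value, `strong_generate` is the corrected version built on the `secrets` module, and `weak_candidates` is the attacker's enumeration once the reset time is known to within a minute. Every function name, the alphabet, the length and the timestamp are assumptions.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols
PASSWORD_LENGTH = 12


def weak_generate(seed_seconds: int) -> str:
    """Hypothetical CWE-338 pattern (not FortiPortal's code): a Mersenne
    Twister PRNG seeded from a low-entropy clock value. Same seed, same
    password, so anyone who can narrow down the seed can reproduce it."""
    rng = random.Random(seed_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(PASSWORD_LENGTH))


def strong_generate() -> str:
    """Corrected version: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(PASSWORD_LENGTH))


def weak_candidates(t_start: int, t_end: int) -> list:
    """Attacker's side: if the reset is known to have happened at some
    second in [t_start, t_end], the password is one of these strings."""
    return [weak_generate(t) for t in range(t_start, t_end + 1)]


def effective_entropy_bits(window_seconds: int) -> float:
    """Entropy actually available to the weak generator: log2(number of seeds)."""
    return math.log2(window_seconds)


def nominal_entropy_bits() -> float:
    """What a 12-character alphanumeric password should carry."""
    return PASSWORD_LENGTH * math.log2(len(ALPHABET))


def demo():
    reset_time = 1_700_000_000          # constructed: the second of a victim's reset
    victim_pw = weak_generate(reset_time)
    # the attacker only knows the reset happened within +/- 30 s of that value
    guesses = weak_candidates(reset_time - 30, reset_time + 30)
    return victim_pw in guesses, len(guesses)


if __name__ == "__main__":
    hit, n = demo()
    print(f"weak password recovered: {hit} after {n} guesses "
          f"({effective_entropy_bits(n):.1f} bits vs {nominal_entropy_bits():.1f} nominal)")
    print("CSPRNG password:", strong_generate())
```

With a 61-second window the weak generator offers under 6 bits of entropy where a 12-character alphanumeric password nominally carries about 71; the fix is not a better seed but a CSPRNG.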
Fortinet | added 2021/11/02 | 37 views

FortiSIEM - privilege escalation by script execution in Windows Agent

An improper privilege management vulnerability CWE-269 in the FortiSIEM Windows Agent may allow an authenticated user to execute unauthorized code or commands as a privileged user via script execution...

CVSS 4.6 | AI score 7.4 | EPSS 0.00208 | Exploits: 0 | Affected software: 1

Fortinet | added 2021/08/03 | 37 views

FortiManager & FortiAnalyzer - Improper access control on the administrators account list

An improper access control vulnerability in the FortiManager and FortiAnalyzer GUI interface may allow a remote and authenticated attacker with a restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration...

CVSS 4 | AI score 5 | EPSS 0.00646 | Exploits: 0 | Affected software: 2

Fortinet | added 2021/07/07 | 37 views

FortiMail - Unauthenticated encryption in IBE leads to email plaintext recovery

A missing cryptographic step in FortiMail IBE may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible...

CVSS 5 | AI score 7.3 | EPSS 0.00342 | Exploits: 0 | Affected software: 1

Fortinet | added 2021/06/01 | 37 views

Protect

Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters...

CVSS 4.3 | AI score 5.9 | EPSS 0.01061 | Exploits: 0 | Affected software: 2

Fortinet | added 2020/12/01 | 37 views

Protect

An improper neutralization of input vulnerability in the FortiGate may allow a remote attacker to perform a stored cross site scripting (XSS) attack via the IPS and WAF logs dashboard...

CVSS 4.3 | AI score 5.8 | EPSS 0.00802 | Exploits: 0 | Affected software: 1

Fortinet | added 2020/11/03 | 37 views

FortiMail software-version detection vulnerability

An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file...

AI score 5.4 | EPSS 0.00481 | Exploits: 0 | Affected software: 1

Fortinet | added 2020/09/24 | 37 views

Protect

FortiGate versions 6.0.11 and below. FortiGate versions 6.2.5 and below. This issue is triggered ONLY when fabric/fortiheartbeat/endpoint-compliance is enabled at the interface level...

CVSS 5 | AI score 5.6 | EPSS 0.009 | Exploits: 0 | Affected software: 1
Fortinet | added 2019/11/25 | 37 views

Protect

An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under the DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site Scripting (XSS) attack by sending a crafted DHCP packet...

AI score 5.7 | EPSS 0.00331 | Exploits: 0 | Affected software: 1

Fortinet | added 2019/01/11 | 37 views

Protect

There is a format string vulnerability in the SSH username handling when connecting to FortiOS 5.6.0, that may lead to memory corruption...

CVSS 7.5 | AI score 8.8 | EPSS 0.01191 | Exploits: 0 | Affected software: 1

Fortinet | added 2018/06/22 | 37 views

FortiManager XSS vulnerability when viewing config under Revision History

A potential Cross-site Scripting (XSS) vulnerability exists in FortiManager: displayed data is not sanitized when an administrator views the managed devices' configuration in the installation revision history of the GUI...

CVSS 3.5 | AI score 1.6 | EPSS 0.01193 | Exploits: 0 | Affected software: 1

Fortinet | added 2015/09/01 | 37 views

Multiple Vulnerabilities in FortiClient

...

CVSS 2.1 | AI score 6.4 | EPSS 0.01011 | Exploits: 2

Fortinet | added 2012/02/01 | 37 views

Potential Information Disclosure Vulnerability in FortiGate

...

CVSS 4.3 | AI score 2.1 | EPSS 0.01407 | Exploits: 1

Fortinet | added 2023/06/12 | 36 views

FortiSIEM - Bruteforce of Exposed Endpoints

An improper restriction of excessive authentication attempts CWE-307 in FortiSIEM may allow an unauthenticated user with access to several endpoints to perform a brute force attack on these endpoints...

CVSS 6.5 | AI score 7.2 | EPSS 0.00534 | Exploits: 0 | Affected software: 1

Fortinet | added 2023/05/03 | 36 views

FortiNAC - database hardcoded credentials

A use of hard-coded credentials vulnerability CWE-798 in FortiNAC may allow an authenticated attacker to access the database via shell commands...

CVSS 4.3 | AI score 7.3 | EPSS 0.00164 | Exploits: 0 | Affected software: 1

Fortinet | added 2023/05/03 | 36 views

FortiNAC - Weak password hashing method in /etc/shadow

An insufficiently protected credentials vulnerability CWE-522 in FortiNAC may allow a local attacker with system access to retrieve users' passwords...

CVSS 1.4 | AI score 5 | EPSS 0.00143 | Exploits: 0 | Affected software: 1
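A practical check for the CWE-522 issue in the FortiNAC entry above, on any Linux-based appliance or host whose shadow file you can read, is to audit which crypt(3) scheme each /etc/shadow entry uses. The Python below is an added example, not FortiNAC's code, and it makes no claim about which scheme FortiNAC used; the sample shadow lines and their hash bodies are constructed placeholders, and the `MIN_ROUNDS` threshold is the glibc default for the sha256crypt/sha512crypt schemes.

```python
import re

# crypt(3) identifiers -> (scheme name, weak for password storage?)
SCHEMES = {
    "$y$": ("yescrypt", False),
    "$7$": ("scrypt", False),
    "$2b$": ("bcrypt", False),
    "$2y$": ("bcrypt", False),
    "$2a$": ("bcrypt", False),
    "$6$": ("sha512crypt", False),
    "$5$": ("sha256crypt", False),
    "$1$": ("md5crypt", True),      # MD5-based, fast to brute force
}
MIN_ROUNDS = 5000                   # glibc default for sha256/sha512crypt
ROUNDS_RE = re.compile(r"^\$[56]\$rounds=(\d+)\$")
DESCRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_hash(field: str):
    """Return (scheme, weak, reason) for one /etc/shadow password field."""
    if field == "":
        return "none", True, "empty field: password-less login"
    if field.startswith(("!", "*")):
        return "locked", False, "account locked or password login disabled"
    for prefix, (name, weak) in SCHEMES.items():
        if field.startswith(prefix):
            m = ROUNDS_RE.match(field)
            if m and int(m.group(1)) < MIN_ROUNDS:
                return name, True, f"rounds={m.group(1)} below {MIN_ROUNDS}"
            return name, weak, "obsolete scheme" if weak else "ok"
    if DESCRYPT_RE.match(field):
        return "descrypt", True, "traditional DES crypt: 8-char limit, 56-bit key"
    return "unknown", True, "unrecognised hash format"


def audit_shadow(text: str):
    """Classify every entry of a shadow file; returns dicts in file order."""
    results = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, pw_field = line.split(":", 2)[:2]
        scheme, weak, reason = classify_hash(pw_field)
        results.append({"user": user, "scheme": scheme, "weak": weak, "reason": reason})
    return results


def weak_accounts(text: str):
    """Usernames whose stored hash an attacker with file access can crack cheaply."""
    return [r["user"] for r in audit_shadow(text) if r["weak"]]


# Constructed sample; hash bodies are placeholders, not real digests.
SAMPLE_SHADOW = """\
root:$6$rounds=656000$c0nstructed$Q1w2E3r4T5y6U7i8O9p0aSdFgHjKlZxCvBnM1234567890abcdefghijklmnopqrstuv:19600:0:99999:7:::
svc:$1$c0nstruc$Q1w2E3r4T5y6U7i8O9p0a/:19600:0:99999:7:::
legacy:aBcDeFgHiJkLm:19600:0:99999:7:::
lowrounds:$5$rounds=1000$c0nstructed$Q1w2E3r4T5y6U7i8O9p0aSdFgHjKlZxCvBnM12345:19600:0:99999:7:::
bin:*:19600:0:99999:7:::
appuser::19600:0:99999:7:::
"""

if __name__ == "__main__":
    for r in audit_shadow(SAMPLE_SHADOW):
        print(f"{r['user']:<10} {r['scheme']:<12} {'WEAK' if r['weak'] else 'ok':<5} {r['reason']}")
```

Run `audit_shadow(open('/etc/shadow').read())` as root; anything reported as md5crypt, descrypt, low rounds or an empty field is a credential that an attacker with file access recovers far faster than a yescrypt or sha512crypt hash at default rounds.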
Fortinet | added 2023/02/16 | 36 views

FortiWeb - Path traversal in API handler

A relative path traversal vulnerability CWE-23 in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests...

CVSS 4 | AI score 6.1 | EPSS 0.00802 | Exploits: 0 | Affected software: 1

Fortinet | added 2023/02/16 | 36 views

FortiWeb - format string vulnerability in the CLI

A format string vulnerability CWE-134 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...

CVSS 4.3 | AI score 7.7 | EPSS 0.00249 | Exploits: 0 | Affected software: 1

Fortinet | added 2022/12/06 | 36 views

FortiSandbox & FortiDeceptor - Insufficient logging and lack of limitation of failed authentication attempts

An insufficient logging CWE-778 vulnerability in FortiSandbox and FortiDeceptor may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts...

CVSS 5 | AI score 7.4 | EPSS 0.00613 | Exploits: 0 | Affected software: 2
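The FortiSIEM entry (CWE-307, no restriction on authentication attempts) and the FortiSandbox/FortiDeceptor entry above (CWE-778, failures not logged) describe the two halves of one control: bound failed authentication attempts and log every one of them. The Python below is an added example, not code from any of those products: `AuthGuard` keeps a sliding-window failure count per account, locks the account after `MAX_FAILURES`, verifies a dummy record for unknown usernames so that response time does not reveal whether an account exists, and appends a structured log entry for every outcome. The usernames, salt, source address, thresholds and `FakeClock` are constructed for the demonstration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # failures tolerated inside the window before lockout
WINDOW_SECONDS = 300    # sliding window for counting failures
LOCKOUT_SECONDS = 900   # how long the account stays locked
PBKDF2_ITERATIONS = 50_000


def make_record(password: str, salt: bytes):
    """Store (salt, PBKDF2-HMAC-SHA256 digest) instead of the password."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(record, password: str) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


# Verified for unknown usernames so timing does not reveal account existence.
_DUMMY_RECORD = make_record("not-a-real-password", b"dummy-salt-0000")


class FakeClock:
    """Deterministic clock for the demo; production code passes time.time."""
    def __init__(self, start: float):
        self.now = start
    def __call__(self) -> float:
        return self.now
    def advance(self, seconds: float) -> None:
        self.now += seconds


class AuthGuard:
    """Login front door: per-account failure counting, lockout, and a log
    entry for every outcome. Constructed example, not vendor code."""

    def __init__(self, users: dict, clock=time.time):
        self.users = users                    # username -> (salt, digest)
        self.clock = clock
        self.failures = defaultdict(deque)    # username -> recent failure timestamps
        self.locked_until = {}
        self.log = []

    def _record(self, event: str, **fields) -> None:
        self.log.append({"ts": self.clock(), "event": event, **fields})

    def _prune(self, username: str, now: float) -> None:
        q = self.failures[username]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()

    def attempt(self, username: str, password: str, src_ip: str) -> str:
        """Returns 'ok', 'denied' or 'locked'; every path writes a log entry."""
        now = self.clock()
        if now < self.locked_until.get(username, 0):
            self._record("login_rejected_locked", user=username, src=src_ip)
            return "locked"

        record = self.users.get(username)
        matched = verify(record if record is not None else _DUMMY_RECORD, password)
        if record is not None and matched:
            self.failures.pop(username, None)
            self._record("login_success", user=username, src=src_ip)
            return "ok"

        self._prune(username, now)
        self.failures[username].append(now)
        n = len(self.failures[username])
        self._record("login_failed", user=username, src=src_ip, failures_in_window=n)
        if n >= MAX_FAILURES:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            self._record("account_locked", user=username, src=src_ip,
                         until=self.locked_until[username])
            return "locked"
        return "denied"


def demo():
    clock = FakeClock(1_700_000_000)
    guard = AuthGuard({"admin": make_record("correct horse battery", b"constructed-salt")},
                      clock=clock)
    ip = "203.0.113.7"                                   # constructed source address
    results = [guard.attempt("admin", f"guess{i}", ip) for i in range(MAX_FAILURES)]
    during_lock = guard.attempt("admin", "correct horse battery", ip)   # right password, still refused
    clock.advance(LOCKOUT_SECONDS + 1)
    after_lock = guard.attempt("admin", "correct horse battery", ip)
    return results, during_lock, after_lock, guard.log
```

A correct password presented during the lockout is still refused and still logged, which is exactly the event stream a SIEM needs in order to see a brute-force attempt at all.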
Fortinet | added 2022/07/05 | 36 views

FortiADC - Multiple SQL Injection vulnerabilities in the management interface

Multiple improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerabilities CWE-89 in the FortiADC management interface may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 6.5 | AI score 9.1 | EPSS 0.00559 | Exploits: 0 | Affected software: 1

Fortinet | added 2022/04/05 | 36 views

FortiClient (Linux) - Improper directories permissions

An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

CVSS 5 | AI score 3.6 | EPSS 0.00487 | Exploits: 0 | Affected software: 1

Fortinet | added 2021/12/07 | 36 views

FortiWeb - Reflected cross-site scripting in SAML login

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiWeb may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the SAML login webpage...

CVSS 4.3 | AI score 5.9 | EPSS 0.00823 | Exploits: 0 | Affected software: 1

Fortinet | added 2021/11/02 | 36 views

FortiWLM - Command injection in script handlers

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability CWE-78 in FortiWLM may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests to various controllers...

CVSS 6.5 | AI score 8.7 | EPSS 0.01895 | Exploits: 0 | Affected software: 1

Fortinet | added 2021/11/02 | 36 views

FortiWeb - Stack-Based Buffer Overflow vulnerability

A stack-based buffer overflow CWE-121 vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the content of the stack and potentially execute arbitrary code by sending crafted HTTP requests with large request parameter values...

CVSS 7.5 | AI score 9.8 | EPSS 0.01561 | Exploits: 0 | Affected software: 1

Fortinet | added 2021/08/03 | 36 views

FortiManager - Improper access control in SD-WAN Orchestrator

An improper access control vulnerability in FortiManager may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL...

CVSS 6.5 | AI score 8.2 | EPSS 0.00958 | Exploits: 0 | Affected software: 1

Fortinet | added 2021/07/07 | 36 views

FortiMail / FortiNDR / FortiWeb - Path traversal vulnerabilities

Multiple path traversal vulnerabilities in FortiMail, FortiNDR & FortiWeb may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests...

CVSS 4 | AI score 6.4 | EPSS 0.01102 | Exploits: 0 | Affected software: 3

Fortinet | added 2021/06/01 | 36 views

FortiWLC - Hardcoded root password

A use of hard-coded password vulnerability in FortiWLC may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password...

AI score 2.2 | EPSS 0.00156 | Exploits: 0
Fortinet | added 2021/06/01 | 36 views

FortiSwitch - memory leak issue in lldpmedd daemon

A missing release of memory after effective lifetime vulnerability in FortiSwitch may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device...

CVSS 3.3 | AI score 6.3 | EPSS 0.00381 | Exploits: 0 | Affected software: 1

Fortinet | added 2021/06/01 | 36 views

FortiAuthenticator - Hard-coded cryptographic keys used to encrypt sensitive data

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...

CVSS 5 | AI score 7.2 | EPSS 0.00563 | Exploits: 0 | Affected software: 1

Fortinet | added 2021/04/27 | 36 views

Authentication bypass in FortiWAN

A relative path traversal vulnerability CWE-23 in FortiWAN may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value...

AI score 5.1 | EPSS 0.16364 | Exploits: 0 | Affected software: 2

Fortinet | added 2019/04/02 | 36 views

FortiClient Mac is vulnerable to a local denial of service

An improper access control vulnerability in FortiClientMac may allow an attacker to affect the application's performance via modifying the content of a file used by several FortiClientMac processes...

CVSS 3.6 | AI score 4.4 | EPSS 0.00357 | Exploits: 0 | Affected software: 1

Fortinet | added 2019/03/29 | 36 views

FortiSIEM LDAP server password reflected in admin portal

An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist XSS, social engineering, pro...

CVSS 4 | AI score 1.5 | EPSS 0.01286 | Exploits: 0 | Affected software: 1

Fortinet | added 2016/09/30 | 36 views

FortiWLC PAM.log authenticated user information exposure

The pam.log file generated by FortiWLC contains authenticated users' credentials (local admin and users authenticated against external servers). Users with admin privileges can access the pam.log file and read the credentials...

CVSS 4 | AI score 3.6 | EPSS 0.01109 | Exploits: 0

Fortinet | added 2015/02/25 | 36 views

FortiClient Android and iOS multiple vulnerabilities

...

CVSS 5 | AI score 6.5 | EPSS 0.00774 | Exploits: 1

Fortinet | added 2023/10/10 | 35 views

Protect

A use of GET request method with sensitive query strings vulnerability CWE-598 in the FortiOS SSL VPN component may allow an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services found in logs, referers,...

CVSS 5 | AI score 6.7 | EPSS 0.00879 | Exploits: 0 | Affected software: 1
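CWE-598, the class of the FortiOS SSL VPN entry above, is as much a logging problem as a transport one: a credential placed in a GET query string lands in access logs, proxy logs, browser history and the Referer header of every sub-resource the page then loads. The Python below is an added example, not FortiOS code: it scans constructed access-log lines for sensitive parameter names in both the request line and the Referer, and produces redacted copies of the lines. The `/portal/rdp` path, the host names, the parameter list and the log format are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# parameter names that must never travel in a query string (assumed list)
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "secret",
                    "token", "access_token", "apikey", "api_key", "sessionid"}

# Combined log format: client, ident, user, [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def sensitive_params_in_url(url: str) -> list:
    """Names of sensitive parameters carried in the URL's query string."""
    query = urlsplit(url).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE_PARAMS]


def redact_url(url: str) -> str:
    """Replace sensitive query values with REDACTED; other URLs are returned unchanged."""
    if not sensitive_params_in_url(url):
        return url
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def scan_log(text: str) -> list:
    """Report log lines where a secret sits in the request line or the Referer."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue
        for field in ("path", "referer"):
            names = sensitive_params_in_url(m[field])
            if names:
                findings.append({"line": n, "method": m["method"],
                                 "field": "request" if field == "path" else "referer",
                                 "params": names})
    return findings


def redact_log_line(line: str) -> str:
    """Rewrite one line with the request path and Referer redacted in place."""
    m = LOG_RE.match(line)
    if not m:
        return line
    return (line[:m.start("path")] + redact_url(m["path"])
            + line[m.end("path"):m.start("referer")] + redact_url(m["referer"])
            + line[m.end("referer"):])


def redact_log(text: str) -> str:
    return "\n".join(redact_log_line(ln) for ln in text.splitlines())


# Constructed access-log sample; the /portal/rdp endpoint is hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:12:00:01 +0000] "GET /portal/rdp?host=10.0.0.5&user=admin&password=Winter2023 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:12:00:02 +0000] "GET /static/app.js HTTP/1.1" 200 9981 "https://vpn.example.test/portal/rdp?host=10.0.0.5&user=admin&password=Winter2023" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:12:00:03 +0000] "POST /portal/rdp HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['params']} in {f['field']} ({f['method']})")
    print(redact_log(SAMPLE_LOG))
```

The second sample line shows the leak that is easy to miss: the credential never appears in that request, only in the Referer the browser attached when fetching a script. Redaction limits the damage in logs you already hold; the fix in the application is to move the credential into a POST body or an Authorization header, which the third line illustrates.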
Fortinet | added 2023/06/12 | 35 views

Protect

An access of uninitialized pointer vulnerability CWE-824 in the FortiOS administrative interface API may allow an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests...

CVSS 4 | AI score 5 | EPSS 0.00884 | Exploits: 0 | Affected software: 2

Fortinet | added 2023/06/12 | 35 views

Protect

A NULL pointer dereference vulnerability CWE-476 in FortiOS may allow an authenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests to the /proxy endpoint...

AI score 6.2 | EPSS 0.02454 | Exploits: 0 | Affected software: 2

Fortinet | added 2023/05/03 | 35 views

FortiADC - Path traversal vulnerability in CLI

A relative path traversal vulnerability CWE-23 in FortiADC may allow a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands...

CVSS 3.2 | AI score 6.7 | EPSS 0.00226 | Exploits: 0 | Affected software: 1

Total number of security vulnerabilities: 649