FortiWeb - Stack-Based Buffer Overflow vulnerability
A stack-based buffer overflow CWE-121 vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the content of the stack and potentially execute arbitrary code by sending crafted HTTP requests with large request parameter values...
FortiAP system command injection through ifconfig command
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands...
FortiClient Windows Service or Process Tampering
FortiClient for Windows could be subject to the following shut down or tampering attempts:...
The ROBOT Attack - Return of Bleichenbacher's Oracle Threat
A plaintext recovery of encrypted messages or a Man-in-the-middle MiTM attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server's private key...
An improper certificate validation vulnerability CWE-295 in FortiOS and FortiProxy may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server...
FortiAnalyzer -- the log-fetch client request password is shown in clear text in the heartbeat response
An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiAnalyzer may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer...
FortiNAC - Multiple Stored and Reflected XSS
Several improper neutralization of input during web page generation vulnerabilities CWE-79 in FortiNAC may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests...
FortiWeb - Multiple OS command injection
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
An improper access control CWE-284 vulnerability in FortiOS may allow a remote authenticated read-only user to modify the interface settings via the API...
FortiDeceptor - Reflected XSS vulnerability on Lure Resources page
An improper neutralization of input during web page generation vulnerability CWE-79 in the FortiDeceptor management interface may allow an authenticated user to perform a cross site scripting XSS attack by sending requests with a specially crafted lure resource ID...
FortiADC - Stored XSS vulnerability in external resource page
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiADC management interface may allow a remote and authenticated attacker to trigger a stored cross site scripting XSS attack via configuring a specially crafted IP Address...
FortiTester - Unauthenticated command injection
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in the Console, Telnet, and SSH login components of FortiTester may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell...
FortiPortal - Insecure password generation
The use of a cryptographically weak pseudo-random number generator CWE-338 in the password reset feature of FortiPortal may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...
FortiSIEM - privilege escalation by script execution in Windows Agent
An improper privilege management vulnerability CWE-269 in the FortiSIEM Windows Agent may allow an authenticated user to execute unauthorized code or commands as a privileged user via script execution...
FortiManager & FortiAnalyzer - Improper access control on the administrators account list
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration...
FortiMail - Unauthenticated encryption in IBE leads to email plaintext recovery
A missing cryptographic step in FortiMail IBE may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible...
Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting XSS attack by sending a request to the error page with malicious GET parameters...
An improper neutralization of input vulnerability in the FortiGate may allow a remote attacker to perform a stored cross site scripting attack XSS via the IPS and WAF logs dashboard...
FortiMail software-version detection vulnerability
An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file...
FortiGate versions 6.0.11 and below. FortiGate versions 6.2.5 and below. This issue is triggered ONLY when fabric/fortiheartbeat/endpoint-compliance is enabled at the interface level...
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site Scripting attack XSS by sending a crafted DHCP packet...
There is a format string vulnerability in the SSH username handling when connecting to FortiOS 5.6.0, that may lead to memory corruption...
FortiManager XSS vulnerability when viewing config under Revision History
A potential Cross-site Scripting XSS vulnerability exists in FortiManager: Displayed data is not sanitized when an administrator views the managed devices configuration, in the installation revision history of the GUI...
Multiple Vulnerabilities in FortiClient
...
Potential Information Disclosure Vulnerability in FortiGate
...
FortiSIEM - Bruteforce of Exposed Endpoints
An improper restriction of excessive authentication attempts CWE-307 in FortiSIEM may allow an unauthenticated user with access to several endpoints to perform a brute force attack on these endpoints...
FortiNAC - database hardcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC may allow an authenticated attacker to access the database via shell commands...
FortiNAC - Weak password hashing method in /etc/shadow
An insufficiently protected credentials vulnerability CWE-522 in FortiNAC may allow a local attacker with system access to retrieve users' passwords...
FortiWeb - Path traversal in API handler
A relative path traversal vulnerability CWE-23 in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests...
FortiWeb - format string vulnerability in the CLI
A format string vulnerability CWE-134 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
FortiSandbox & FortiDeceptor - Insufficient logging and lack of limitation of failed authentication attempts
An insufficient logging CWE-778 vulnerability in FortiSandbox and FortiDeceptor may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts...
FortiADC - Multiple SQL Injection vulnerabilities in the management interface
Multiple improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerabilities CWE-89 in FortiADC management interface may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiClient (Linux) - Improper directory permissions
An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...
FortiWeb - Reflected cross-site scripting in SAML login
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiWeb may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the SAML login webpage...
FortiWLM - Command injection in script handlers
An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWLM may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests to various controllers...
FortiManager - Improper access control in SD-WAN Orchestrator
An improper access control vulnerability in FortiManager may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL...
FortiMail / FortiNDR / FortiWeb - Path traversal vulnerabilities
Multiple Path traversal vulnerabilities in FortiMail, FortiNDR & FortiWeb may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests...
FortiWLC - Hardcoded root password
A use of hard-coded password vulnerability in FortiWLC may allow a local, authenticated attacker to connect to the managed Access Point Meru AP and FortiAP-U as root using the default hard-coded username and password...
FortiSwitch - memory leak issue in lldpmedd daemon
A missing release of memory after effective lifetime vulnerability in FortiSwitch may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device...
FortiAuthenticator - Hard-coded cryptographic keys used to encrypt sensitive data
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
Authentication bypass in FortiWAN
A relative path traversal vulnerability CWE-23 in FortiWAN may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value...
FortiClient Mac is vulnerable to a local denial of service
An improper access control vulnerability in FortiClientMac may allow an attacker to affect the application's performance via modifying the content of a file used by several FortiClientMac processes...
FortiSIEM LDAP server password reflected in admin portal
An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist XSS, social engineering, pro...
FortiWLC PAM.log authenticated user information exposure
The pam.log file generated by FortiWLC contains authenticated users' credentials (local admin and users authenticated against external servers). Users with admin privileges can access the pam.log file and read the credentials...
FortiClient Android and iOS multiple vulnerabilities
...
A use of GET request method with sensitive query strings vulnerability CWE-598 in the FortiOS SSL VPN component may allow an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services found in logs, referers,...
An access of uninitialized pointer vulnerability CWE-824 in FortiOS administrative interface API may allow an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests...
A NULL pointer dereference vulnerability CWE-476 in FortiOS may allow an authenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests to the /proxy endpoint...
FortiADC - Path traversal vulnerability in CLI
A relative path traversal vulnerability CWE-23 in FortiADC may allow a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands...