649 matches found
FortiAnalyzer -- the log-fetch client request password is shown in clear text in the heartbeat response
An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiAnalyzer may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer...
FortiNAC - Multiple Stored and Reflected XSS
Several improper neutralization of input during web page generation vulnerabilities CWE-79 in FortiNAC may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests...
FortiSandbox & FortiDeceptor - Insufficient logging and lack of limitation of failed authentication attempts
An insufficient logging CWE-778 vulnerability in FortiSandbox and FortiDeceptor may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts...
FortiDeceptor - Reflected XSS vulnerability on Lure Resources page
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiDeceptor management interface may allow an authenticated user to perform a cross site scripting XSS attack via sending requests with specially crafted lure resource ID...
FortiTester - Unauthenticated command injection
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in Console, Telnet, and SSH login components of FortiTester may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell...
An integer overflow / wraparound vulnerability CWE-190 in the FortiOS, FortiProxy, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service...
FortiSIEM - plaintext storage of sensitive data in Windows Agent
A plaintext storage of a password vulnerability CWE-256 in the FortiSIEM Windows Agent may allow an authenticated user to impersonate the agent registered to the Supervisor via reading specific log files...
FortiManager - Access Control missing in P&O module assignment vulnerability
An improper authentication vulnerability CWE-287 in FortiManager may allow a standard user to assign or un-assign a global policy package via a POST request to flatui/json module...
FortiManager & FortiAnalyzer - Improper access control on the administrators account list
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface may allow a remote and authenticated attacker with a restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration...
FortiMail - Salted Digest vulnerable to length extension attacks
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification...
FortiAuthenticator - Hard-coded cryptographic keys used to encrypt sensitive data
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
FortiGate versions 6.0.11 and below. FortiGate versions 6.2.5 and below. This issue is triggered ONLY when fabric/fortiheartbeat/endpoint-compliance is enabled at the interface level...
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site Scripting attack XSS by sending a crafted DHCP packet...
Cross-site scripting (XSS) vulnerability via DHCP Hostname parameter
An attacker could send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager with the FortiAnalyzer feature enabled...
FortiManager allows unauthorized viewing of vdoms settings by any adom standard users
A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom...
Potential Information Disclosure Vulnerability in FortiGate
...
A NULL pointer dereference vulnerability CWE-476 in FortiOS may allow an authenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests to the /proxy endpoint...
FortiSIEM - Bruteforce of Exposed Endpoints
An improper restriction of excessive authentication attempts CWE-307 in FortiSIEM may allow an unauthenticated user with access to several endpoints to perform a brute force attack on these endpoints...
FortiNAC - database hardcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC may allow an authenticated attacker to access the database via shell commands...
FortiNAC - Multiple privilege escalation via sudo command
An improper privilege management vulnerability CWE-269 in FortiNAC may allow a low privilege local user with shell access to execute arbitrary commands as root...
FortiSOAR - Improper Authorization in request headers
An improper access control vulnerability CWE-284 in FortiSOAR's playbook component may allow an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests...
FortiWeb - command injection in webserver
An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWeb may allow authenticated users to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiWeb - Stack-based Buffer Overflow in command line interpreter
A stack-based buffer overflow CWE-121 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
FortiNAC - Unprotected MySQL root account
An empty password in configuration file vulnerability CWE-258 in FortiNAC may allow an authenticated attacker to access the MySQL databases via the CLI...
FortiADC - Multiple SQL Injection vulnerabilities in the management interface
Multiple improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerabilities CWE-89 in FortiADC management interface may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiClient (Linux) - Improper directories permissions
An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...
FortiWLC - Access of Uninitialized Pointer vulnerability
An access of uninitialized pointer CWE-824 vulnerability in FortiWLC may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command...
A buffer overflow CWE-121 in the TFTP client library of FortiOS may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments...
FortiNAC - improper permissions set for tomcat users configuration file
An incorrect permission assignment for a critical resource vulnerability CWE-732 in FortiNAC may allow an authenticated attacker to access sensitive system data and, as a consequence, raise the authenticated user's privilege to admin...
FortiWLM - Command injection in script handlers
An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWLM may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests to various controllers...
FortiSandbox - Buffer overflow due to use of size of source buffer in libc safe functions
A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...
Vulnerability in OpenSSL library
A security advisory was released affecting the version of OpenSSL library used in some Fortinet products:...
FortiManager & FortiAnalyzer - Use after free vulnerability in fgfmsd daemon
A Use After Free CWE-416 vulnerability in FortiManager and FortiAnalyzer fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device...
FortiManager and FortiAnalyzer - Buffer overflow vulnerability through the diagnose system geoip-city command
A buffer overflow vulnerability in FortiAnalyzer and FortiManager CLI may allow an authenticated, local attacker to perform a Denial of Service attack by running the diagnose system geoip-city command with a large ip value. Fortinet is not aware of any successful exploitation of this vulnerabilit...
FortiWLC - Hardcoded root password
A use of hard-coded password vulnerability in FortiWLC may allow a local, authenticated attacker to connect to the managed Access Point Meru AP and FortiAP-U as root using the default hard-coded username and password...
FortiSwitch - memory leak issue in lldpmedd daemon
A missing release of memory after effective lifetime vulnerability in FortiSwitch may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device...
Unquoted Service Path exploit in FortiClient
An unquoted service path vulnerability in the FortiClient FortiTray component may allow an attacker to gain elevated privileges via the FortiClientConsole executable service path...
Failure to sanitize the error or message handling parameters in the SSL VPN web portal may allow an attacker to perform a Cross-site Scripting XSS attack...
Cross-Site-Scripting (XSS) vulnerability in FortiWeb reports
The URL part of the report message is not encoded in Fortinet FortiWeb, which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML format...
FortiClient Mac is vulnerable to a local denial of service
An improper access control vulnerability in FortiClientMac may allow an attacker to affect the application's performance via modifying the content of a file used by several FortiClientMac processes...
Stored XSS under CA and CRL certificate view page
Javascript code and HTML tags can be injected into the CN value of CA and CRL certificates via the import CA and CRL certificates feature of the GUI. The injected code may be executed when the GUI administrator views the CA certificate details and browses CRL certificates when CN values are...
FortiOS flow-mode detection bypass under certain conditions
A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (a nearly instantaneous process). This tends to impact long lived network sessions, with chances to be alive during and after an update, such a...
FortiWLC PAM.log authenticated user information exposure
The pam.log file generated by FortiWLC contains authenticated users' credentials (local admin and users authenticated against external servers). Users with admin privileges can access the pam.log file and read the credentials...
Multiple XSS vulnerabilities in FortiSandbox WebUI
...
FortiClient Android and iOS multiple vulnerabilities
...
FortiAnalyzer Cross Site Request Forgery Vulnerability
...
FortiNAC - Report disclosure to unauthenticated users
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiNAC may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...
Multiple improper neutralization of input during web page generation 'Cross-site Scripting' vulnerabilities CWE-79 in FortiOS & FortiProxy administrative interface may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests...
FortiPortal - Device password exposure in audit log
An insertion of sensitive information into log file vulnerability CWE-532 in the FortiPortal management interface may allow a remote authenticated attacker to read other devices' passwords in the audit log page...
FortiWAN - Use of hardcoded salt for password hashing
A use of a one-way hash with a predictable salt vulnerability CWE-760 in FortiWAN may allow an attacker who has previously come into possession of the password file to potentially guess the passwords stored therein...