Lucene search
K
FortinetMost viewed

649 matches found

Fortinet
Fortinet
•added 2018/08/27 12:0 a.m.•37 views

FortiManager allows unauthorized viewing of vdoms settings by any adom standard users

A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom...

4CVSS4.2AI score0.00696EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2016/09/30 12:0 a.m.•37 views

FortiWLC PAM.log authenticated user information exposure

The pam.log file generated by FortiWLC contains authenticated users credentials local admin and users authenticated against external servers. Users with admin privileges can access the pam.log file and read the credentials...

4CVSS3.6AI score0.01109EPSS
Exploits0
Fortinet
Fortinet
•added 2012/02/01 12:0 a.m.•37 views

Potential Information Disclosure Vulnerability in FortiGate

...

4.3CVSS2.1AI score0.01407EPSS
Exploits1
Fortinet
Fortinet
•added 2023/06/12 12:0 a.m.•36 views

FortiSIEM - Bruteforce of Exposed Endpoints

An improper restriction of excessive authentication attempts CWE-307 in FortiSIEM may allow a unauthenticated user with access to several endpoints to perform a brute force attack on these endpoints...

6.5CVSS7.2AI score0.00534EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2023/05/03 12:0 a.m.•36 views

FortiNAC - database harcoded credentials

A use of hard-coded credentials vulnerability CWE-798 in FortiNAC may allow an authenticated attacker to access to the database via shell commands...

4.3CVSS7.3AI score0.00164EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2023/03/07 12:0 a.m.•36 views

FortiWeb - command injection in webserver

An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWeb may allow authenticated users to execute unauthorized code or commands via specifically crafted HTTP requests...

6.5CVSS8.7AI score0.01755EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2023/03/07 12:0 a.m.•36 views

FortiNAC - Multiple privilege escalation via sudo command

An improper privilege management vulnerability CWE-269 in FortiNAC may allow a low privilege local user with shell access to execute arbitrary commands as root...

4.3CVSS7.8AI score0.00207EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2023/03/07 12:0 a.m.•36 views

FortiSOAR - Improper Authorization in request headers

An improper access control vulnerability CWE-284 in FortiSOAR's playbook component may allow an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests...

5.8CVSS6.7AI score0.00906EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2022/07/05 12:0 a.m.•36 views

FortiADC - Multiple SQL Injection vulnerabilities in the management interface

Multiple improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerabilities CWE-89 in FortiADC management interface may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

6.5CVSS9.1AI score0.00559EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2022/04/05 12:0 a.m.•36 views

FortiClient (Linux) - Improper directories permissions

An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

5CVSS3.6AI score0.00498EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/12/07 12:0 a.m.•36 views

FortiNAC - improper permissions set for tomcat users configuration file

An incorrect permission assignment for a critical resource vulnerability CWE-732 in FortiNAC may allow an authenticated attacker to access sensitive system data and, as a consequence, raise the authenticated user's privilege to admin...

7.2CVSS5.8AI score0.00426EPSS
Exploits1Affected Software1
Fortinet
Fortinet
•added 2021/08/18 12:0 a.m.•36 views

Vulnerability in OpenSSL library

A security advisory was released affecting the version of OpenSSL library used in some Fortinet products:...

5CVSS8AI score0.70561EPSS
Exploits2Affected Software2
Fortinet
Fortinet
•added 2021/07/07 12:0 a.m.•36 views

FortiMail - SQL Injection vulnerabilities

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

7.5CVSS9.6AI score0.0143EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/06/01 12:0 a.m.•36 views

FortiWLC - Hardcoded root password

A use of hard-coded password vulnerability in FortiWLC may allow a local, authenticated attacker to connect to the managed Access Point Meru AP and FortiAP-U as root using the default hard-coded username and password...

2.2AI score0.00156EPSS
Exploits0
Fortinet
Fortinet
•added 2021/06/01 12:0 a.m.•36 views

FortiWeb - OS command injection vulnerability

An OS command injection vulnerability in FortiWeb's management interface may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page...

9CVSS9.6AI score0.7727EPSS
Exploits2Affected Software1
Fortinet
Fortinet
•added 2020/06/01 12:0 a.m.•36 views

Protect

An information exposure vulnerability in FortiOS WEB UI may allow an unauthenticated attacker to gain platform information such as version, via parsing a JavaScript file...

5CVSS5.8AI score0.00909EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2020/03/09 12:0 a.m.•36 views

Unquoted Service Path exploit in FortiClient

An unquoted service path vulnerability in the FortiClient FortiTray component may allow an attacker to gain elevated privileges via the FortiClientConsole executable service path...

7.5CVSS6.2AI score0.02179EPSS
Exploits1Affected Software1
Fortinet
Fortinet
•added 2019/06/12 12:0 a.m.•36 views

Cross-Site-Scripting (XSS) vulnerabilty in Fortiweb reports

The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized code or commands Cross Site Scripting via attack reports generated in HTML format...

4.3CVSS1.8AI score0.00965EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2019/04/02 12:0 a.m.•36 views

FortiClient Mac is vulnerable to a local denial of service

An improper access control vulnerability in FortiClientMac may allow an attacker to affect the application's performance via modifying the content of a file used by several FortiClientMac processes...

3.6CVSS4.4AI score0.00357EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2015/07/24 12:0 a.m.•36 views

Multiple XSS vulnerabilities in FortiSandbox WebUI

...

4.3CVSS6.3AI score0.01535EPSS
Exploits1
Fortinet
Fortinet
•added 2023/04/11 12:0 a.m.•35 views

FortiNAC - Report disclosure to unauthenticated users

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiNAC may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...

5CVSS7.2AI score0.00593EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2023/04/11 12:0 a.m.•35 views

Protect

Multiple improper neutralization of input during web page generation 'Cross-site Scripting' vulnerabilities CWE-79 in FortiOS & FortiProxy administrative interface may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests...

5.8CVSS6.2AI score0.00645EPSS
Exploits0Affected Software2
Fortinet
Fortinet
•added 2023/03/07 12:0 a.m.•35 views

FortiAuthenticator, FortiDeceptor & FortiMail - Improper restriction over excessive authentication attempts

An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiAuthenticator, FortiDeceptor & FortiMail may allow a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form...

5CVSS5.9AI score0.01808EPSS
Exploits1Affected Software3
Fortinet
Fortinet
•added 2023/02/16 12:0 a.m.•35 views

FortiPortal - Device password exposure in audit log

An insertion of sensitive information into log file vulnerability CWE-532 in the FortiPortal management interface may allow a remote authenticated attacker to read other devices' passwords in the audit log page...

4CVSS6AI score0.00687EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2022/03/01 12:0 a.m.•35 views

FortiWLM - Path traversal vulnerability

Multiple relative path traversal vulnerabilities CWE-23 in FortiWLM management interface may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...

4CVSS5.6AI score0.00547EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/11/02 12:0 a.m.•35 views

FortiClient (Windows) - Privilege escalation vulnerability

An improper authorization vulnerability CWE-285 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...

7.2CVSS7.2AI score0.00347EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/11/02 12:0 a.m.•35 views

FortiPortal - XML parser is vulnerable to XXE attacks

An improper restriction of XML external entity reference vulnerability CWE-611 in the parser of XML responses of FortiPortal may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file...

6.4CVSS7.7AI score0.008EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/10/05 12:0 a.m.•35 views

FortiWebManager - Injection vulnerabilities

An improper neutralization of input vulnerability CWE-79 in FortiWebManager may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device...

3.5CVSS5.3AI score0.0058EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/08/03 12:0 a.m.•35 views

FortiSandbox - Predictable session IDs of JSON API

An instance of small space of random values in FortiSandbox RPC API may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs...

5CVSS7.2AI score0.00814EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/08/03 12:0 a.m.•35 views

FortiSandbox - Command injection in web interface

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...

6.5CVSS8.6AI score0.01165EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/07/07 12:0 a.m.•35 views

FortiAP - OS command Injection through kdbg CLI command

An instance of improper neutralization of special elements used in an OS Command found in FortiAP's console may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...

4.6CVSS7.7AI score0.00295EPSS
Exploits0Affected Software3
Fortinet
Fortinet
•added 2020/12/01 12:0 a.m.•35 views

AV Engine evasion via malformed RAR file

FortiClient and FortiOS AV engines may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files...

2.5AI score0.00303EPSS
Exploits0
Fortinet
Fortinet
•added 2020/09/18 12:0 a.m.•35 views

Information disclosure through diagnose debug commands in FortiWeb

...

4CVSS6.4AI score0.00859EPSS
Exploits0
Fortinet
Fortinet
•added 2019/08/21 12:0 a.m.•35 views

Protect

Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting XSS attack via multiple parameters of the error page HTTP request...

4.3CVSS5.8AI score0.00831EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2017/05/15 12:0 a.m.•35 views

FortiPortal Multiple Vulnerabilities

Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows:...

7.5CVSS2AI score0.01249EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2016/12/02 12:0 a.m.•35 views

FortiOS Local Admin Password Hash Leak Vulnerability

A read-only administrator may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API , and may therefore be able to crack them...

4CVSS3.1AI score0.01539EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2016/08/09 12:0 a.m.•35 views

FortiManager and FortiAnalyzer XSS vulnerability

A vulnerablity in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input field; this potentially enables XSS attacks...

4.3CVSS2.8AI score0.01009EPSS
Exploits0
Fortinet
Fortinet
•added 2016/06/23 12:0 a.m.•35 views

FortiWeb CSRF Vulnerability

A CSRF vulnerability could allow attackers to change admin password with crafted forms...

6.8CVSS4.2AI score0.00898EPSS
Exploits0
Fortinet
Fortinet
•added 2023/04/11 12:0 a.m.•34 views

FortiClient (Mac) - update functionality may lead to privilege escalation vulnerability

A download of code without Integrity check vulnerability CWE-494 in FortiClientMac may allow a local attacker to escalate their privileges via modifying the installer upon upgrade...

4.3CVSS7.3AI score0.00121EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2023/02/16 12:0 a.m.•34 views

FortiNAC : Wrong use of cryptographic primitives

A wrong use of cryptographic primitives vulnerability CWE-310 may allow an attacker to compromise FortiNAC's confidentiality and integrity via deciphering some traffic and/or forging specific packets...

4CVSS7.2AI score0.00385EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2022/09/06 12:0 a.m.•34 views

FortiManager & FortiAnalyzer - Inter ADOM information leakage

An improper access control vulnerability CWE-284 in FortiManager and FortiAnalyzer management interface may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information...

3.3CVSS4.8AI score0.0055EPSS
Exploits0Affected Software2
Fortinet
Fortinet
•added 2022/09/06 12:0 a.m.•34 views

Protect

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors...

4.9CVSS5.1AI score0.00357EPSS
Exploits0Affected Software2
Fortinet
Fortinet
•added 2022/03/01 12:0 a.m.•34 views

FortiAP-C - Command injection in CLI

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiAP-C console may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments...

4.6CVSS7.6AI score0.00281EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/12/07 12:0 a.m.•34 views

FortiClient EMS - SAML SSO replay attack

An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...

6.4CVSS4.9AI score0.00955EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/12/07 12:0 a.m.•34 views

FortiWeb - Open redirect in redir handler due to direct input interpolation

An URL redirection to untrusted site 'Open Redirect' CWE-601 vulnerability in FortiWeb may allow an authenticated attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...

5.8CVSS4.2AI score0.0061EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2021/11/02 12:0 a.m.•34 views

FortiPortal - XSS vulnerability

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiPortal GUI may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid...

4.3CVSS6AI score0.00632EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2020/04/06 12:0 a.m.•34 views

Improper Authorization vulnerability in FortiADC

An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system...

6.8CVSS5.3AI score0.01154EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2020/03/09 12:0 a.m.•34 views

Stored XSS vulnerability in traffic group interface

An improper neutralization of input vulnerability in the FortiADC may allow an attacker to execute a stored Cross Site Scripting XSS via a field in the traffic group interface...

3.5CVSS3.7AI score0.00545EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2019/07/16 12:0 a.m.•34 views

XSS vulnerability in FortiNAC admin webUI search field

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" in FortiNAC admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI...

4.3CVSS3.7AI score0.00705EPSS
Exploits0Affected Software1
Fortinet
Fortinet
•added 2018/11/22 12:0 a.m.•34 views

Uninitialized memory buffer leak in FortiOS explicit web proxy

An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...

5CVSS0.3AI score0.02119EPSS
Exploits1Affected Software1
Total number of security vulnerabilities649