649 matches found
FortiManager allows unauthorized viewing of vdoms settings by any adom standard users
A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom...
FortiWLC PAM.log authenticated user information exposure
The pam.log file generated by FortiWLC contains authenticated users credentials local admin and users authenticated against external servers. Users with admin privileges can access the pam.log file and read the credentials...
Potential Information Disclosure Vulnerability in FortiGate
...
FortiSIEM - Bruteforce of Exposed Endpoints
An improper restriction of excessive authentication attempts CWE-307 in FortiSIEM may allow a unauthenticated user with access to several endpoints to perform a brute force attack on these endpoints...
FortiNAC - database harcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC may allow an authenticated attacker to access to the database via shell commands...
FortiWeb - command injection in webserver
An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWeb may allow authenticated users to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiNAC - Multiple privilege escalation via sudo command
An improper privilege management vulnerability CWE-269 in FortiNAC may allow a low privilege local user with shell access to execute arbitrary commands as root...
FortiSOAR - Improper Authorization in request headers
An improper access control vulnerability CWE-284 in FortiSOAR's playbook component may allow an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests...
FortiADC - Multiple SQL Injection vulnerabilities in the management interface
Multiple improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerabilities CWE-89 in FortiADC management interface may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiClient (Linux) - Improper directories permissions
An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...
FortiNAC - improper permissions set for tomcat users configuration file
An incorrect permission assignment for a critical resource vulnerability CWE-732 in FortiNAC may allow an authenticated attacker to access sensitive system data and, as a consequence, raise the authenticated user's privilege to admin...
Vulnerability in OpenSSL library
A security advisory was released affecting the version of OpenSSL library used in some Fortinet products:...
FortiMail - SQL Injection vulnerabilities
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiWLC - Hardcoded root password
A use of hard-coded password vulnerability in FortiWLC may allow a local, authenticated attacker to connect to the managed Access Point Meru AP and FortiAP-U as root using the default hard-coded username and password...
FortiWeb - OS command injection vulnerability
An OS command injection vulnerability in FortiWeb's management interface may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page...
Protect
An information exposure vulnerability in FortiOS WEB UI may allow an unauthenticated attacker to gain platform information such as version, via parsing a JavaScript file...
Unquoted Service Path exploit in FortiClient
An unquoted service path vulnerability in the FortiClient FortiTray component may allow an attacker to gain elevated privileges via the FortiClientConsole executable service path...
Cross-Site-Scripting (XSS) vulnerabilty in Fortiweb reports
The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized code or commands Cross Site Scripting via attack reports generated in HTML format...
FortiClient Mac is vulnerable to a local denial of service
An improper access control vulnerability in FortiClientMac may allow an attacker to affect the application's performance via modifying the content of a file used by several FortiClientMac processes...
Multiple XSS vulnerabilities in FortiSandbox WebUI
...
FortiNAC - Report disclosure to unauthenticated users
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiNAC may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...
Protect
Multiple improper neutralization of input during web page generation 'Cross-site Scripting' vulnerabilities CWE-79 in FortiOS & FortiProxy administrative interface may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests...
FortiAuthenticator, FortiDeceptor & FortiMail - Improper restriction over excessive authentication attempts
An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiAuthenticator, FortiDeceptor & FortiMail may allow a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form...
FortiPortal - Device password exposure in audit log
An insertion of sensitive information into log file vulnerability CWE-532 in the FortiPortal management interface may allow a remote authenticated attacker to read other devices' passwords in the audit log page...
FortiWLM - Path traversal vulnerability
Multiple relative path traversal vulnerabilities CWE-23 in FortiWLM management interface may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...
FortiClient (Windows) - Privilege escalation vulnerability
An improper authorization vulnerability CWE-285 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...
FortiPortal - XML parser is vulnerable to XXE attacks
An improper restriction of XML external entity reference vulnerability CWE-611 in the parser of XML responses of FortiPortal may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file...
FortiWebManager - Injection vulnerabilities
An improper neutralization of input vulnerability CWE-79 in FortiWebManager may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device...
FortiSandbox - Predictable session IDs of JSON API
An instance of small space of random values in FortiSandbox RPC API may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs...
FortiSandbox - Command injection in web interface
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiAP - OS command Injection through kdbg CLI command
An instance of improper neutralization of special elements used in an OS Command found in FortiAP's console may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...
AV Engine evasion via malformed RAR file
FortiClient and FortiOS AV engines may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files...
Information disclosure through diagnose debug commands in FortiWeb
...
Protect
Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting XSS attack via multiple parameters of the error page HTTP request...
FortiPortal Multiple Vulnerabilities
Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows:...
FortiOS Local Admin Password Hash Leak Vulnerability
A read-only administrator may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API , and may therefore be able to crack them...
FortiManager and FortiAnalyzer XSS vulnerability
A vulnerablity in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input field; this potentially enables XSS attacks...
FortiWeb CSRF Vulnerability
A CSRF vulnerability could allow attackers to change admin password with crafted forms...
FortiClient (Mac) - update functionality may lead to privilege escalation vulnerability
A download of code without Integrity check vulnerability CWE-494 in FortiClientMac may allow a local attacker to escalate their privileges via modifying the installer upon upgrade...
FortiNAC : Wrong use of cryptographic primitives
A wrong use of cryptographic primitives vulnerability CWE-310 may allow an attacker to compromise FortiNAC's confidentiality and integrity via deciphering some traffic and/or forging specific packets...
FortiManager & FortiAnalyzer - Inter ADOM information leakage
An improper access control vulnerability CWE-284 in FortiManager and FortiAnalyzer management interface may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information...
Protect
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors...
FortiAP-C - Command injection in CLI
An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiAP-C console may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments...
FortiClient EMS - SAML SSO replay attack
An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...
FortiWeb - Open redirect in redir handler due to direct input interpolation
An URL redirection to untrusted site 'Open Redirect' CWE-601 vulnerability in FortiWeb may allow an authenticated attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...
FortiPortal - XSS vulnerability
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiPortal GUI may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid...
Improper Authorization vulnerability in FortiADC
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system...
Stored XSS vulnerability in traffic group interface
An improper neutralization of input vulnerability in the FortiADC may allow an attacker to execute a stored Cross Site Scripting XSS via a field in the traffic group interface...
XSS vulnerability in FortiNAC admin webUI search field
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" in FortiNAC admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI...
Uninitialized memory buffer leak in FortiOS explicit web proxy
An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...