FortiPortal Multiple Vulnerabilities
Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows:...
FortiAnalyzer, FortiManager Open Redirect Vulnerability
The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect...
FortiOS XSS via srcintf during Firewall Policy Creation
An XSS vulnerability caused by the srcintf parameter input during Firewall Policy Creation can be exploited to load and run remote malicious JavaScript in a logged-in browser...
XSS Vulnerability in FortiWeb Site Publisher
The Site Publisher functionality of FortiWeb has been found vulnerable to a Cross-Site Scripting vulnerability via an improperly sanitized parameter in a POST request...
FortiWLC-SD Privilege escalation vulnerability using copy running-config
The lack of input sanitisation for CLI command 'copy running-config' allows a user with 'admin' or 'superuser' privilege level to gain shell on the FortiWLC-SD with root privilege...
FortiClient SSLVPN Linux - Arbitrary write to log file
The first launch of FortiClient SSLVPN Linux creates a log file without any prior check. By previously creating a symbolic or hard link with the name of the log file to any file in the filesystem, an attacker may smash the latter existing file. This is due to the fact that the first launch of...
Linux Kernel tty_ioctl Vulnerability
A race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel may allow local users to obtain sensitive information from kernel memory or cause a denial of service...
FortiClient SSLVPN Linux - Root privilege escalation with subproc
Fortinet is pleased to thank Grzegorz Wrobel of STMSolutions for reporting this vulnerability under responsible disclosure...
Multiple vulnerabilities in Linux kernels through 4.6.3
Of multiple vulnerabilities released affecting Linux kernels through 4.6.3, FortiOS was found vulnerable to the following two:...
Unauthenticated XSS (Cross Site Scripting) in FortiMail
An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in to FortiMail, assuming the victim is social engineered into clicking a URL crafted by the attacker...
Linux kernel - challenge ack information leak
net/ipv4/tcp_input.c in certain Linux kernel versions does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack...
OpenSSL Security Advisory [22 Sept 2016]
The OpenSSL project released an advisory on Sept 22nd, 2016, describing 1 High, 1 Medium and 12 Low severity vulnerabilities, as listed below: OCSP Status Request extension unbounded memory growth (CVE-2016-6304), SSL_peek hang on empty record (CVE-2016-6305), SWEET32 Mitigation (CVE-2016-2183), OOB write ...
ntp-4.2.8p7 Security Vulnerability Announcement April 2016
ntp released an announcement on 26th April 2016, describing 4 low and 7 medium severity vulnerabilities, as listed below:...
Fortinet Connect admin able to gain root access
A webui administrator may create a new theme that performs arbitrary code execution on the system...
FortiManager TLS certificate validation failure
FortiManager does not properly validate TLS certificates when probing for devices to administer. This leads to potential pre-shared secret exposure...
FortiOS Local Admin Password Hash Leak Vulnerability
A read-only administrator may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them...
DUHK Attack against Fortinet Products
When devices use the ANSI X9.31 RNG (which was removed from the list of FIPS-approved random number generation algorithms in January 2016) to generate cryptographic keys under a static seed, and use them with long-lived security tunnels like SSL/TLS/SSH/IPSec, such devices are vulnerable to the DUHK...
FortiOS flow-mode detection bypass under certain conditions
A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (a nearly instantaneous process). This tends to impact long-lived network sessions, which have a chance of being alive during and after an update, such a...
Blacknurse ICMP DoS attack
BlackNurse is a Denial of Service attack consisting of flooding the target with ICMP Type 3 Code 3 packets. This type of packet generally consumes more CPU to be processed than the "traditional" ICMP packets used in classical ping-flood attacks (Type 8 Code 0). As such, BlackNurse aims at...
FortiWLC Undocumented Hardcoded core Account
FortiWLC comes with a hardcoded account named 'core' which is used by Meru Access Points to send core dumps to the FortiWLC and has read/write privileges over various parts of the system...
Linux Kernel Dirty Cow Vulnerability
Linux Kernel Dirty Cow Vulnerability Announcement...
FortiAnalyzer and FortiManager stored XSS vulnerability in report filters
A cross-site-scripting vulnerability in the FortiAnalyzer/FortiManager advanced settings page could allow an administrator to inject scripts in the add filter field...
FortiWLC PAM.log authenticated user information exposure
The pam.log file generated by FortiWLC contains authenticated users' credentials (local admin and users authenticated against external servers). Users with admin privileges can access the pam.log file and read the credentials...
FortiWLC Undocumented Hardcoded Rsync Account
FortiWLC runs an rsyncd server, historically used for High-Availability purposes. This server comes with a hardcoded account, which has read/write privileges over various parts of the system...
FortiDDoS Command Injection Vulnerability Announcement
A vulnerability in FortiDDoS allows escalation of privilege via remote OS injection through crafted URLs sent to the GUI. The user is required to be logged in for an exploit to work...
OpenSSL Advisory - May 2016
OpenSSL released an update in May 2016 to address two high and four low severity vulnerabilities...
FortiClient Unencrypted Password Vulnerability
One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation could dump the credentials...
FortiWAN Multiple Vulnerabilities
FortiWAN 4.2.4 and below is exposed to cross site scripting, information leak and escalation of privilege vulnerabilities. CVE-2016-4965: A non-administrative authenticated user with access privileges to the nslookup functionality can perform OS command injection in the root user context...
Cookie Parser Buffer Overflow Vulnerability
FortiGate FortiOS: 4.3.8 and below, 4.2.12 and below, 4.1.10 and below...
FortiCloud Cross Site Script Persistent Web Vulnerabilities
The FortiCloud online service before May 3, 2016 was exposed to cross site scripting web vulnerabilities, which could allow malicious script to be injected in the affected module; this potentially enables XSS attacks...
FortiManager and FortiAnalyzer Client Side XSS vulnerability
A client side XSS vulnerability in FortiManager/FortiAnalyzer could allow malicious script to be injected in the Web-UI; this potentially enables XSS attacks...
FortiManager and FortiAnalyzer XSS vulnerability
A vulnerability in the FortiManager/FortiAnalyzer address add page could allow malicious script to be injected in the input field; this potentially enables XSS attacks...
FortiVoice 5.0 Filter Bypass & Persistent Web Vulnerabilities
A vulnerability in the FortiVoice 5.0 web-application could allow malicious script to be injected in the affected module; this potentially enables XSS attacks...
FortiManager and FortiAnalyzer Persistent XSS vulnerability
An XSS vulnerability in FortiManager/FortiAnalyzer could allow privileged guest user accounts and restricted user accounts to inject malicious script on the application side or client side of the appliance web-application; this potentially enables XSS attacks...
FortiManager and FortiAnalyzer Persistent XSS vulnerability
When a low privileged user uploads images in the report section, the filenames are not properly sanitized; this potentially enables stored XSS attacks...
OpenSSL Advisory - January 2016
OpenSSL released an update in January 2016 to address one high and one low severity vulnerability...
FortiSwitch rest_admin account exposed under specific conditions
During an upgrade to version 3.4.1, a FortiSwitch device may let an attacker log in to the rest_admin account without a password, if all the conditions below are met: the FortiSwitch device is in FortiLink managed mode (not the default mode); the FortiSwitch device does not have a management FortiGate, ...
FortiWeb CSRF Vulnerability
A CSRF vulnerability could allow attackers to change the admin password with crafted forms...
Fortiweb path traversal vulnerability
A path traversal vulnerability allows an administrator account with read and write privileges to read arbitrary files using the autolearn feature...
RSA-CRT key leak under certain conditions
FortiOS now includes, for all SSL libraries, a countermeasure against Lenstra's fault attack on the RSA-CRT optimization when an RSA signature is corrupted...
SAM and LSAD remote protocols man in the middle vulnerability (Badlock)
The Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority Domain Policy Remote Protocol (MS-LSAD) are both vulnerable to man-in-the-middle attacks. These protocols are typically available on all Windows installations as well as every Samba server...
FortiOS open redirect vulnerability
...
DHCP Hostname HTML Injection
...
Glibc getaddrinfo() stack-overflow
...
Multiple Products SSH Undocumented Login Vulnerability
...
FireStorm vulnerability
...
OpenSSL Advisory - December 2015
...
Multiple XSS vulnerabilities in FortiManager GUI
...
Multiple Vulnerabilities in FortiClient
...
ZebOS routing remote shell service enabled
...