An improper authorization vulnerability CWE-285 in FortiOS's WEB UI component may allow an authenticated attacker belonging to the prof-admin profile to perform elevated actions...
A use after free vulnerability CWE-416 in FortiOS & FortiProxy may allow an unauthenticated remote attacker to crash the Web Proxy process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection...
An improper neutralization of script-related HTML tags in a web page vulnerability CWE-80 in FortiOS may allow a remote authenticated attacker to inject script related HTML tags via the SAML and Security Fabric components...
A use of GET request method with sensitive query strings vulnerability CWE-598 in the FortiOS SSL VPN component may allow an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services found in logs, referers,...
An improper access control vulnerability CWE-284 in the FortiOS REST API component may allow an authenticated attacker to access a restricted resource from a non trusted host...
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS and FortiProxy GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting...
A stack-based buffer overflow vulnerability CWE-121 in FortiOS may allow a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections...
A stack-based overflow vulnerability CWE-124 in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection...
An insufficient session expiration CWE-613 vulnerability in FortiOS REST API may allow an attacker to keep a secure websocket session active after user deletion...
FortiNAC - java untrusted object deserialization RCE
A deserialization of untrusted data vulnerability CWE-502 in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service...
FortiNAC - argument injection in XML interface on port tcp/5555
An improper neutralization of special elements used in a command 'command injection' vulnerability CWE-77 in the FortiNAC tcp/5555 service may allow an unauthenticated attacker to copy local files of the device to other local directories of the device via specially crafted input fields. To access the...
A NULL pointer dereference vulnerability CWE-476 in SSL-VPN may allow an authenticated remote attacker to trigger a crash of the SSL-VPN service via crafted requests...
An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS / FortiProxy log events may allow a remote authenticated attacker to read certain passwords in ciphertext...
FortiManager & FortiAnalyzer - SSRF in FortiGuard Outbreak feature
A server-side request forgery SSRF vulnerability CWE-918 in FortiManager and FortiAnalyzer GUI may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests...
FortiNAC - SSL Renegotiation leading to DoS
An improper permissions, privileges, and access controls vulnerability CWE-264 in FortiNAC may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation...
An out-of-bounds write vulnerability CWE-787 in Command Line Interface of FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands...
A cleartext transmission of sensitive information vulnerability CWE-319 in FortiOS & FortiProxy may allow an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other administrators' cookies via diagnose CLI commands...
FortiSIEM - Bruteforce of Exposed Endpoints
An improper restriction of excessive authentication attempts CWE-307 in FortiSIEM may allow an unauthenticated user with access to several endpoints to perform a brute force attack on these endpoints...
FortiSIEM - Plaintext credentials storage in DB
A plaintext storage of a password vulnerability CWE-256 in FortiSIEM may allow an attacker able to access user DB content to impersonate any admin user on the device GUI...
FortiSIEM - Use of a Broken or Risky Cryptographic Algorithm
A use of a broken or risky cryptographic algorithm CWE-327 in FortiSIEM may allow a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...
An access of uninitialized pointer vulnerability CWE-824 in FortiOS administrative interface API may allow an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests...
A loop with unreachable exit condition 'Infinite Loop' vulnerability CWE-835 in FortiOS, FortiProxy and Fortiweb may allow an authenticated attacker to perform a denial of service via a specially crafted firmware image...
A format string vulnerability CWE-134 in the command line interpreter of FortiOS and FortiProxy may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
A use of externally-controlled format string vulnerability CWE-134 in the Fclicense daemon of FortiOS may allow a remote authenticated attacker to execute arbitrary code or commands via specially crafted requests...
An improper certificate validation vulnerability CWE-295 in FortiOS and FortiProxy may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server...
A relative path traversal vulnerability CWE-23 in FortiOS, FortiProxy & FortiSwitchManager administrative interface may allow a privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests...
FortiADC - Command injection in diagnose system df CLI command
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC CLI may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command...
A heap-based buffer overflow vulnerability CWE-122 in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests...
A NULL pointer dereference vulnerability CWE-476 in FortiOS may allow an authenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests to the /proxy endpoint...
FortiADC & FortiADC Manager - Command injection vulnerabilities in cli commands
Multiple improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in FortiADC & FortiADC Manager may allow a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI requests...
A NULL pointer dereference vulnerability CWE-476 in FortiOS may allow a remote unauthenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests...
FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder
An incorrect default permissions CWE-276 vulnerability in FortiClient Windows and FortiConverter Windows may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder...
FortiNAC - Improper access control on administrative panels
An access control vulnerability CWE-284 in FortiNAC may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests...
FortiNAC - database hardcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC may allow an authenticated attacker to access the database via shell commands...
FortiADC - Command injection in external resource module
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiADC - Path traversal vulnerability in CLI
A relative path traversal vulnerability CWE-23 in FortiADC may allow a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands...
FortiNAC - SSH Weak Key Exchange Algorithm
A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...
FortiNAC - open redirect in defaultUrl parameter
A URL redirection to untrusted site 'Open Redirect' vulnerability CWE-601 in FortiNAC may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL...
FortiNAC - Weak authentication mechanism on device registration page
A weak authentication vulnerability CWE-1390 in FortiNAC device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success...
An out-of-bounds write vulnerability CWE-787 in sslvpnd of FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted requests...
FortiNAC - Weak password hashing method in /etc/shadow
An insufficiently protected credentials vulnerability CWE-522 in FortiNAC may allow a local attacker with system access to retrieve users' passwords...
FortiNAC - Stored XSS triggering RCE via license key forgery
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiNAC License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses...
FortiClient (Windows) - Arbitrary file creation from unprivileged users due to process impersonation
An incorrect authorization CWE-863 vulnerability in FortiClient Windows may allow a local low privileged attacker to perform arbitrary file creation in the device filesystem...
FortiClient (Mac) - update functionality may lead to privilege escalation vulnerability
A download of code without Integrity check vulnerability CWE-494 in FortiClientMac may allow a local attacker to escalate their privileges via modifying the installer upon upgrade...
FortiADC - Cross-Site Scripting in Fabric Connectors
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiADC may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests...
FortiAnalyzer & FortiManager - Lack of client-side certificate validation when establishing secure connections with FortiGuard to download outbreakalert
An improper certificate validation vulnerability CWE-295 in FortiAnalyzer and FortiManager may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert resources...
FortiClient (Windows) - Improper write access over FortiClient pipe object
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in FortiClientWindows may allow an attacker on the same file sharing network to execute commands via writin...
CVE-2022-0847 on Linux Kernel
A security advisory was released affecting a version of the Linux Kernel used in FortiAuthenticator, FortiProxy & FortiSIEM:...
FortiWeb - XSS vulnerability in HTML generated attack report files
An improper neutralization of input during web page generation CWE-79 in the FortiWeb web interface may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack XSS via injecting malicious payload in log entries used to build report...
FortiPresence - Unpassworded remotely accessible Redis & MongoDB
A missing authentication for critical function vulnerability CWE-306 in FortiPresence on-prem infrastructure server may allow a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...