649 matches found
FortiSandbox - SQL injection in certificate downloading feature
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiSandbox may allow a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request...
FortiClient (Windows) - Arbitrary file creation from unprivileged users due to process impersonation
An incorrect authorization CWE-863 vulnerability in FortiClient Windows may allow a local low privileged attacker to perform arbitrary file creation in the device filesystem...
FortiWeb & FortiADC - OS command injection in CLI
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiWeb & FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiClientWindows - Arbitrary file creation by unprivileged users
A relative path traversal CWE-23 vulnerability in FortiClientWindows may allow a local low privileged attacker to perform arbitrary file creation on the device filesystem...
FortiAnalyzer & FortiManager - Lack of client-side certificate validation when establishing secure connections with FortiGuard to download outbreakalert
An improper certificate validation vulnerability CWE-295 in FortiAnalyzer and FortiManager may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources...
FortiSOAR - Server-side Template Injection in playbook execution
An improper neutralization of special elements used in a template engine vulnerability CWE-1336 in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
FortiAnalyzer - Improper input validation in custom dataset
An improper input validation vulnerability CWE-20 in FortiAnalyzer may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
CVE-2022-0847 on Linux Kernel
A security advisory was released affecting a version of the Linux Kernel used in FortiAuthenticator, FortiProxy & FortiSIEM:...
Protect
A URL redirection to untrusted site 'Open Redirect' vulnerability CWE-601 in FortiOS and FortiProxy sslvpnd may allow an authenticated attacker to redirect users to any arbitrary website via a crafted URL...
FortiNAC - Report disclosure to unauthenticated users
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiNAC may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...
FortiADC & FortiDDoS & FortiDDoS-F - Command injection in log & report module
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC, FortiDDoS and FortiDDoS-F may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiADC - Cross-Site Scripting in Fabric Connectors
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiADC may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests...
FortiWeb - XSS vulnerability in HTML generated attack report files
An improper neutralization of input during web page generation CWE-79 in the FortiWeb web interface may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack XSS via injecting malicious payload in log entries used to build report...
FortiSOAR - Improper Authorization in request headers
An improper access control vulnerability CWE-284 in FortiSOAR's playbook component may allow an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests...
FortiWeb - command injection in webserver
An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWeb may allow authenticated users to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiAuthenticator, FortiDeceptor & FortiMail - Improper restriction over excessive authentication attempts
An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiAuthenticator, FortiDeceptor & FortiMail may allow a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form...
FortiRecorder - DoS in login authentication mechanism
An uncontrolled resource consumption vulnerability CWE-400 in FortiRecorder login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests...
Protect
An access of uninitialized pointer vulnerability CWE-824 in the SSL-VPN portal of FortiOS & FortiProxy may allow a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request...
FortiWeb and FortiRecorder - Arbitrary file read through command line pipe
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiRecorder and FortiWeb may allow an authenticated user to read arbitrary files via specially crafted command arguments...
FortiNAC - Multiple privilege escalation via sudo command
An improper privilege management vulnerability CWE-269 in FortiNAC may allow a low privilege local user with shell access to execute arbitrary commands as root...
FortiNAC - Multiple Reflected XSS
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiNAC may allow an authenticated user to perform an XSS attack via crafted HTTP requests...
FortiAnalyzer -- the log-fetch client request password is shown in clear text in the heartbeat response
An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiAnalyzer may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer...
Protect
A improper limitation of a pathname to a restricted directory vulnerability 'path traversal' CWE-22 in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands...
FortiManager, FortiAnalyzer, FortiPortal & FortiSwitch - Information disclosure through diagnose debug commands
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiManager, FortiAnalyzer, FortiPortal & FortiSwitch may allow an attacker which has obtained access to a restricted administrative account to obtain sensitive information via diagnose debug commands...
Protect
A buffer underwrite 'buffer underflow' vulnerability in FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy & FortiSwitchManager administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically...
Protect
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS and FortiProxy administrative interface may allow an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP or HTTPs GET requests...
FortiAnalyzer - CSV injection in macro name
An improper neutralization of formula elements vulnerability CWE 1236 in FortiAnalyzer may allow a local authenticated privileged attacker to execute arbitrary code on the end-user's host via inserting spreadsheet formulas in the macro names. This is achieved once the user downloads and opens the...
Protect
A relative path traversal vulnerability CWE-23 in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests...
FortiNAC - External Control of File Name or Path in keyUpload scriptlet
An external control of file name or path vulnerability CWE-73 in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system...
Protect
An improper certificate validation vulnerability CWE-295 in FortiOS and FortiProxy may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds when the latter are...
Protect
A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the DHCP and DNS keys ddns-key or n-mhae-key in FortiOS & FortiProxy configuration may allow an attacker in possession of the encrypted key to decipher it...
Protect
An improper verification of cryptographic signature vulnerability CWE-347 in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter...
FortiNAC - Multiple Stored and Reflected XSS
Several improper neutralization of inputs during web page generation vulnerability CWE-79 in FortiNAC may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests...
FortiNAC - Weak password storage
An insufficiently protected credentials vulnerability CWE-522 in FortiNAC may allow an attacker with access to the database to perform attacks to recover the passwords...
FortiWeb - Multiple OS command injection
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
FortiWeb - Path traversal in API controller
A relative path traversal vulnerability CWE-23 in the API of FortiWeb may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...
Protect
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 in FortiOS and FortiProxy may allow an authenticated and remote attacker to inject arbitrary headers...
FortiPortal - Device password exposure in audit log
An insertion of sensitive information into log file vulnerability CWE-532 in the FortiPortal management interface may allow a remote authenticated attacker to read other devices' passwords in the audit log page...
FortiADC - OS command injection vulnerability in CLI
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiADC may allow an authenticated attacker to execute arbitrary shell code as root via CLI commands...
FortiWeb - Stack-based Buffer Overflow in command line interpreter
A stack-based buffer overflow CWE-121 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
FortiWAN - Command injection vulnerability
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiWAN may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiAnalyzer - XSS vulnerability due to AngularJS Client-Side Template injection
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAnalyzer may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer...
Protect
An improper privilege management vulnerability CWE-269 in FortiOS & FortiProxy may allow an administrator that has access to the admin profile section System subsection Administrator Users to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands...
Protect
A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate and FortiAuthenticator may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via...
Protect
An improper neutralization of input during web page generation CWE-79 vulnerability in FortiOS may allow a remote, unauthenticated attacker to launch a cross site scripting XSS attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked. Â...
FortiWeb - Multiple Stack based buffer overflow in web interface
Multiple buffer overflow CWE-121 vulnerabilities in the web server of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted HTTP requests...
FortiWeb - Command injection in CLI backup functionality
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...
FortiWeb - Relative path traversal in web API
A path traversal vulnerability CWE-23 in the API of FortiWeb may allow a unauthenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests...
FortiSandbox - Improper password storage mechanism
A use of password hash with insufficient computational effort vulnerability CWE-916 in FortiSandbox may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords...
FortiNAC - Multiple reflected cross-site scripting vulnerabilities in portal UI
Multiple improper neutralization of input during web page generation 'Cross-site Scripting' vulnerabilities CWE-79 in FortiNAC portal UI may allow an attacker to perform an XSS attack via crafted HTTP requests...