An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions...
FortiSandbox / FortiDeceptor - Improper profile-based access control over APIs
An improper privilege management vulnerability CWE-269 in FortiSandbox & FortiDeceptor may allow a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests...
FortiADC & FortiDDoS & FortiDDoS-F - Command injection in log & report module
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC, FortiDDoS and FortiDDoS-F may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
Multiple improper neutralization of input during web page generation 'Cross-site Scripting' vulnerabilities CWE-79 in FortiOS & FortiProxy administrative interface may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests...
A URL redirection to untrusted site 'Open Redirect' vulnerability CWE-601 in FortiOS and FortiProxy sslvpnd may allow an authenticated attacker to redirect users to any arbitrary website via a crafted URL...
FortiClientWindows - Arbitrary file creation by unprivileged users
A relative path traversal CWE-23 vulnerability in FortiClientWindows may allow a local low privileged attacker to perform arbitrary file creation on the device filesystem...
FortiSOAR - Server-side Template Injection in playbook execution
An improper neutralization of special elements used in a template engine vulnerability CWE-1336 in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
FortiNAC - Report disclosure to unauthenticated users
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiNAC may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...
FortiAnalyzer - Improper input validation in custom dataset
An improper input validation vulnerability CWE-20 in FortiAnalyzer may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
FortiAuthenticator - Reflected XSS in the password reset page
An improper neutralization of script-related HTML tags in a web page vulnerability CWE-80 in FortiAuthenticator may allow a remote unauthenticated attacker to trigger a reflected cross site scripting XSS attack via the "reset-password" page...
FortiSandbox - SQL injection in certificate downloading feature
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiSandbox may allow a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request...
A permissive list of allowed inputs vulnerability CWE-183 in FortiGate Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal...
FortiWeb & FortiADC - OS command injection in CLI
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiWeb & FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiWeb and FortiRecorder - Arbitrary file read through command line pipe
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiRecorder and FortiWeb may allow an authenticated user to read arbitrary files via specially crafted command arguments...
FortiWeb - command injection in webserver
An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWeb may allow authenticated users to execute unauthorized code or commands via specifically crafted HTTP requests...
A relative path traversal vulnerability CWE-23 in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests...
FortiManager, FortiAnalyzer, FortiPortal & FortiSwitch - Information disclosure through diagnose debug commands
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiManager, FortiAnalyzer, FortiPortal & FortiSwitch may allow an attacker which has obtained access to a restricted administrative account to obtain sensitive information via diagnose debug commands...
FortiAnalyzer - The log-fetch client request password is shown in clear text in the heartbeat response
An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiAnalyzer may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer...
FortiAnalyzer - CSV injection in macro name
An improper neutralization of formula elements vulnerability CWE-1236 in FortiAnalyzer may allow a local authenticated privileged attacker to execute arbitrary code on the end-user's host via inserting spreadsheet formulas in the macro names. This is achieved once the user downloads and opens the...
FortiNAC - Multiple privilege escalation via sudo command
An improper privilege management vulnerability CWE-269 in FortiNAC may allow a low privilege local user with shell access to execute arbitrary commands as root...
FortiAuthenticator, FortiDeceptor & FortiMail - Improper restriction over excessive authentication attempts
An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiAuthenticator, FortiDeceptor & FortiMail may allow a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form...
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS and FortiProxy administrative interface may allow an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP or HTTPS GET requests...
FortiNAC - Multiple Reflected XSS
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiNAC may allow an authenticated user to perform an XSS attack via crafted HTTP requests...
FortiRecorder - DoS in login authentication mechanism
An uncontrolled resource consumption vulnerability CWE-400 in FortiRecorder login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests...
FortiSOAR - Improper Authorization in request headers
An improper access control vulnerability CWE-284 in FortiSOAR's playbook component may allow an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests...
A buffer underwrite 'buffer underflow' vulnerability in FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy & FortiSwitchManager administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically...
An improper limitation of a pathname to a restricted directory vulnerability 'path traversal' CWE-22 in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands...
An access of uninitialized pointer vulnerability CWE-824 in the SSL-VPN portal of FortiOS & FortiProxy may allow a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request...
FortiWAN - Command injection vulnerability
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiWAN may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiWeb - format string vulnerability in the CLI
A format string vulnerability CWE-134 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
An improper privilege management vulnerability CWE-269 in FortiOS & FortiProxy may allow an administrator that has access to the admin profile section System subsection Administrator Users to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands...
A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate and FortiAuthenticator may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via...
An improper certificate validation vulnerability CWE-295 in FortiOS and FortiProxy may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds when the latter are...
FortiNAC - Wrong use of cryptographic primitives
A wrong use of cryptographic primitives vulnerability CWE-310 may allow an attacker to compromise FortiNAC's confidentiality and integrity via deciphering some traffic and/or forging specific packets...
FortiWeb - Buffer overflow in CA sign function
A stack-based buffer overflow vulnerability CWE-121 in the CA sign functionality of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password...
FortiNAC - Weak password storage
An insufficiently protected credentials vulnerability CWE-522 in FortiNAC may allow an attacker with access to the database to perform attacks to recover the passwords...
FortiWeb - Path traversal via browse report CGI component
A relative path traversal vulnerability CWE-23 in FortiWeb may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...
A relative path traversal vulnerability CWE-23 in FortiOS, FortiProxy, and FortiSwitchManager may allow an authenticated attacker to read and write files on the underlying system via crafted HTTP, HTTPS or CLI requests...
FortiWeb - Path traversal in API handler
A relative path traversal vulnerability CWE-23 in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests...
FortiNAC - Multiple Command Injections in webserver
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the webserver of FortiNAC may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters...
FortiWeb - Stack-based buffer overflows in Proxyd
Multiple stack-based buffer overflow vulnerabilities CWE-121 in FortiWeb's proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests...
FortiPortal - Device password exposure in audit log
An insertion of sensitive information into log file vulnerability CWE-532 in the FortiPortal management interface may allow a remote authenticated attacker to read other devices' passwords in the audit log page...
FortiWeb - Weak generation of WAF session IDs leads to session fixation
A condition for session fixation vulnerability CWE-384 in the session management of FortiWeb may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session...
FortiWeb - Buffer overflow in execute backup-local command
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename and execute backup-local show operations...
FortiAnalyzer - XSS vulnerability due to AngularJS Client-Side Template injection
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAnalyzer may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer...
FortiNAC - Multiple Stored and Reflected XSS
Several improper neutralization of input during web page generation vulnerabilities CWE-79 in FortiNAC may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests...
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 in FortiOS and FortiProxy may allow an authenticated and remote attacker to inject arbitrary headers...
FortiWeb - Double free in pipe management
A double free vulnerability CWE-415 in FortiWeb CLI may allow an authenticated, local attacker to achieve arbitrary code execution via specifically crafted commands...
FortiNAC - Multiple reflected cross-site scripting vulnerabilities in portal UI
Multiple improper neutralization of input during web page generation 'Cross-site Scripting' vulnerabilities CWE-79 in FortiNAC portal UI may allow an attacker to perform an XSS attack via crafted HTTP requests...
FortiNAC - Multiple XML external entity (XXE) injections
An improper restriction of XML external entity reference vulnerability CWE-611 in the parser of XML requests of FortiNAC may allow an unauthenticated attacker to trigger a denial of service or read arbitrary files from the underlying file system via specifically crafted XML documents...