649 matches found
FortiNAC : Wrong use of cryptographic primitives
A wrong use of cryptographic primitives vulnerability CWE-310 may allow an attacker to compromise FortiNAC's confidentiality and integrity via deciphering some traffic and/or forging specific packets...
FortiNAC - Unauthenticated access to administrative operations
An improper authorization vulnerability CWE-285 in FortiNAC may allow an unauthenticated attacker to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...
FortiWeb - Buffer overflow in execute backup-local command
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename and execute backup-local show operations...
FortiWeb - Stack-based buffer overflows in Proxyd
Multiple stack-based buffer overflow vulnerabilities CWE-121 in FortiWeb's proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests...
FortiWeb - Double free in pipe management
A double free vulnerability CWE-415 in FortiWeb CLI may allow an authenticated, local attacker to achieve arbitrary code execution via specifically crafted commands...
FortiWeb - Path traversal in API handler
A relative path traversal vulnerability CWE-23 in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests...
Protect
A relative path traversal vulnerability CWE-23 in FortiOS, FortiProxy, and FortiSwitchManager may allow an authenticated attacker to read and write files on the underlying system via crafted HTTP, HTTPS or CLI requests...
FortiWeb - Stack based buffer overflow in SAML management
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files...
FortiWeb - Buffer overflow in CA sign function
A stack-based buffer overflow vulnerability CWE-121 in the CA sign functionality of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password...
FortiWeb - OS command injection in Web GUI
An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...
FortiExtender - multiple command injection vulnerabilities in webserver
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the webserver of FortiExtender may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters...
FortiWeb - Heap based overflow in CLI
A buffer overflow vulnerability CWE-122 in the the command line interpreter of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted arguments to existing commands...
FortiWeb - Weak generation of WAF session IDs leads to session fixation
A condition for session fixation vulnerability CWE-384 in the session management of FortiWeb may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session...
FortiWeb - Unauthorized Configuration Download Vulnerability
An unauthorized configuration download vulnerability CWE-285 in FortiWeb may allow a local attacker to access confidential configuration files via a crafted http request...
FortiWeb - format string vulnerability in the CLI
A format string vulnerability CWE-134 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
FortiWeb - Path traversal via browse report CGI component
A relative path traversal vulnerability CWE-23 in FortiWeb may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...
FortiNAC - Multiple Command Injections in webserver
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the webserver of FortiNAC may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters...
FortiAnalyzer - XSS vulnerability due to AngularJS Client-Side Template injection
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAnalyzer may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer...
FortiWeb - header injection in FortiWeb API
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb API may allow an authenticated and remote attacker to inject arbitrary headers...
FortiManager - Incorrect user management behavior leads to passwordless admin
An incorrect user management vulnerability CWE-286 in the FortiManager VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin profiled admin account is deleted...
FortiADC - command injection in web interface
An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiPortal - XSS observed on policy column settings
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiPortal management interface may allow a remote authenticated attacker to perform a stored cross site scripting XSS attack via sending request with specially crafted columnindex parameter...
FortiTester - Multiple command injection vulnerabilities in GUI and API
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell...
Protect
A heap-based buffer overflow vulnerability CWE-122 in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests...
FortiADC - SQL injection vulnerability in configuration backup feature
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
Protect
A improper neutralization of input during web page generation 'cross-site scripting' CWE-79 in FortiOS may allow a privileged attacker to perform a stored XSS attack via storing malicious payloads in replacement messages...
Protect
An authentication bypass by assumed-immutable data vulnerability CWE-302 in the FortiOS SSH login component may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server...
FortiSandbox & FortiDeceptor - Insufficient logging and lack of limitation of failed authentication attempts
An insufficient logging CWE-778 vulnerability in FortiSandbox and FortiDeceptor may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts...
FortiSOAR - HTML Injection Vulnerabilities
Improper neutralization of input during web page generation CWE-79 in FortiSOAR may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR...
FortiADC - Improper input validation in download features
Multiple improper input validation vulnerabilities CWE-20 may allow an authenticated attacker to retrieve files with specific extensions from the underlying Linux system via crafted HTTP requests...
FortiADC - Persistent XSS in Log pages
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiADC may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via HTTP fields observed in the traffic and event logviews...
FortiADC - Stored XSS vulnerability in external resource page
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiADC management interface may allow a remote and authenticated attacker to trigger a stored cross site scripting XSS attack via configuring a specially crafted IP Address...
FortiTester - Undocumented shell command
A hidden functionality vulnerability CWE-1242 in FortiTester CLI may allow a local, privileged user to obtain a root shell on the device via an undocumented command...
Protect
An improper access control CWE-284 vulnerability in FortiOS may allow a remote authenticated read-only user to modify the interface settings via the API...
FortiDeceptor - Reflected XSS vulnerability on Lure Resources page
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiDeceptor management interface may allow an authenticated user to perform a cross site scripting XSS attack via sending requests with specially crafted lure resource ID...
FortiMail - Inter-domain information leakage
An improper access control vulnerability CWE-284 in FortiMail may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references IDOR...
FortiTester - Command injection in CLI command
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiSIEM - Glassfish local credentials stored in plain text
An improper authentification vulnerability CWE-287 in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
FortiClient (MAC) - FortiTray stores the SSLVPN password in cleartext
An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...
FortiEDR CollectorWindows - protection bypass by killing the process with special tools
An improper control of a resource through its lifetime vulnerability CWE-664 in FortiEDR CollectorWindows may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...
Protect
An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...
FortiSOAR - PostgreSQL DB access to local users
A missing authentication for critical function CWE-306 vulnerabilty in FortiSOAR's Postgres database may allow a local attacker to access sensitive information via logging into the database using a privileged account without a password...
Protect
A key management error vulnerability CWE-320 affecting the RSA SSH host key in FortiOS may allow an unauthenticated attacker to perform a man in the middle attack...
FortiADC - WAF XSS Injection Bypass
An improper handling of malformed request vulnerability CWE-228 in FortiADC may allow a remote attacker without privileges to bypass some Web Application Firewall WAF protection such as the SQL Injection and XSS filters via a malformed HTTP request...
FortiManager/FortiAnalyzer - XSS Vulnerability in Report Templates
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiManager and FortiAnalyzer report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281...
Protect
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
Apache commons_text(CVE-2022-42889) and commons_configuration (CVE-2022-33980) vulnerability
CVE-2022-42889:...
Protect
CVE-2022-3602: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue...
FortiTester - Unauthenticated command injection
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in Console, Telnet, and SSH login components of FortiTester may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell...
Protect
An improper neutralization of special elements used in an os command CWE-78 vulnerability in FortiOS may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands...