FortiWeb - Unauthorized Configuration Download Vulnerability
An unauthorized configuration download vulnerability CWE-285 in FortiWeb may allow a local attacker to access confidential configuration files via a crafted HTTP request...
FortiSandbox - Improper password storage mechanism
A use of password hash with insufficient computational effort vulnerability CWE-916 in FortiSandbox may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords...
FortiWeb - Multiple Stack based buffer overflow in web interface
Multiple buffer overflow CWE-121 vulnerabilities in the web server of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted HTTP requests...
FortiExtender - multiple command injection vulnerabilities in webserver
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the webserver of FortiExtender may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters...
FortiWeb - Stack-based Buffer Overflow in command line interpreter
A stack-based buffer overflow CWE-121 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
FortiWeb - OS command injection in Web GUI
An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...
An improper neutralization of input during web page generation CWE-79 vulnerability in FortiOS may allow a remote, unauthenticated attacker to launch a cross site scripting XSS attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked...
FortiNAC - Unauthenticated access to administrative operations
An improper authorization vulnerability CWE-285 in FortiNAC may allow an unauthenticated attacker to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...
FortiADC - OS command injection vulnerability in CLI
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiADC may allow an authenticated attacker to execute arbitrary shell code as root via CLI commands...
FortiWeb - Multiple OS command injection
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
FortiWeb - Heap based overflow in CLI
A buffer overflow vulnerability CWE-122 in the command line interpreter of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted arguments to existing commands...
FortiWeb - Path traversal in API controller
A relative path traversal vulnerability CWE-23 in the API of FortiWeb may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...
FortiNAC - External Control of File Name or Path in keyUpload scriptlet
An external control of file name or path vulnerability CWE-73 in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system...
An improper verification of cryptographic signature vulnerability CWE-347 in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter...
FortiWeb - Relative path traversal in web API
A path traversal vulnerability CWE-23 in the API of FortiWeb may allow an unauthenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests...
A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the DHCP and DNS keys ddns-key or n-mhae-key in FortiOS & FortiProxy configuration may allow an attacker in possession of the encrypted key to decipher it...
FortiWeb - Stack based buffer overflow in SAML management
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files...
FortiNAC - Multiple Command Injections in webserver
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the webserver of FortiNAC may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters...
FortiWeb - header injection in FortiWeb API
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 in FortiWeb API may allow an authenticated and remote attacker to inject arbitrary headers...
FortiManager - Incorrect user management behavior leads to passwordless admin
An incorrect user management vulnerability CWE-286 in the FortiManager VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin profiled admin account is deleted...
FortiPortal - XSS observed on policy column settings
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiPortal management interface may allow a remote authenticated attacker to perform a stored cross site scripting XSS attack via sending a request with a specially crafted columnindex parameter...
FortiADC - command injection in web interface
An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiTester - Multiple command injection vulnerabilities in GUI and API
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell...
A heap-based buffer overflow vulnerability CWE-122 in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests...
FortiSOAR - HTML Injection Vulnerabilities
Improper neutralization of input during web page generation CWE-79 in FortiSOAR may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR...
An authentication bypass by assumed-immutable data vulnerability CWE-302 in the FortiOS SSH login component may allow a remote and unauthenticated attacker to log into the device via sending a specially crafted Access-Challenge response from the Radius server...
FortiADC - SQL injection vulnerability in configuration backup feature
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
An improper neutralization of input during web page generation 'cross-site scripting' CWE-79 in FortiOS may allow a privileged attacker to perform a stored XSS attack via storing malicious payloads in replacement messages...
FortiADC - Improper input validation in download features
Multiple improper input validation vulnerabilities CWE-20 may allow an authenticated attacker to retrieve files with specific extensions from the underlying Linux system via crafted HTTP requests...
FortiSandbox & FortiDeceptor - Insufficient logging and lack of limitation of failed authentication attempts
An insufficient logging CWE-778 vulnerability in FortiSandbox and FortiDeceptor may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts...
FortiSOAR - PostgreSQL DB access to local users
A missing authentication for critical function CWE-306 vulnerability in FortiSOAR's Postgres database may allow a local attacker to access sensitive information via logging into the database using a privileged account without a password...
FortiClient (MAC) - FortiTray stores the SSLVPN password in cleartext
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClient for Mac may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...
FortiTester - Command injection in CLI command
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiSIEM - Glassfish local credentials stored in plain text
An improper authentication vulnerability CWE-287 in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
An improper access control CWE-284 vulnerability in FortiOS may allow a remote authenticated read-only user to modify the interface settings via the API...
FortiTester - Undocumented shell command
A hidden functionality vulnerability CWE-1242 in FortiTester CLI may allow a local, privileged user to obtain a root shell on the device via an undocumented command...
FortiADC - Persistent XSS in Log pages
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiADC may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via HTTP fields observed in the traffic and event logviews...
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
FortiMail - Inter-domain information leakage
An improper access control vulnerability CWE-284 in FortiMail may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references IDOR...
A key management error vulnerability CWE-320 affecting the RSA SSH host key in FortiOS may allow an unauthenticated attacker to perform a man in the middle attack...
FortiDeceptor - Reflected XSS vulnerability on Lure Resources page
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiDeceptor management interface may allow an authenticated user to perform a cross site scripting XSS attack via sending requests with a specially crafted lure resource ID...
FortiEDR CollectorWindows - protection bypass by killing the process with special tools
An improper control of a resource through its lifetime vulnerability CWE-664 in FortiEDR CollectorWindows may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...
FortiADC - WAF XSS Injection Bypass
An improper handling of malformed request vulnerability CWE-228 in FortiADC may allow a remote attacker without privileges to bypass some Web Application Firewall WAF protection such as the SQL Injection and XSS filters via a malformed HTTP request...
FortiManager/FortiAnalyzer - XSS Vulnerability in Report Templates
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiManager and FortiAnalyzer report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281...
FortiADC - Stored XSS vulnerability in external resource page
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiADC management interface may allow a remote and authenticated attacker to trigger a stored cross site scripting XSS attack via configuring a specially crafted IP Address...
Apache commons_text (CVE-2022-42889) and commons_configuration (CVE-2022-33980) vulnerability
CVE-2022-42889:...
CVE-2022-3602: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue...
FortiAnalyzer & FortiManager - improper authorization to template image
An exposure of resource to wrong sphere vulnerability CWE-668 in FortiAnalyzer and FortiManager GUI may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path...
An improper neutralization of special elements used in an os command CWE-78 vulnerability in FortiOS may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands...