An authentication bypass using an alternate path or channel vulnerability CWE-288 in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests...
FortiTester - Unauthenticated command injection
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in Console, Telnet, and SSH login components of FortiTester may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell...
FortiTester - Missing account lockout on telnet port
An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiTester Telnet port may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack...
An access of uninitialized pointer vulnerability CWE-824 in the SSL VPN portal of FortiOS & FortiProxy may allow a remote unauthenticated or authenticated (see Affected Products section) attacker to crash the sslvpn daemon via an HTTP GET request...
FortiTester - Authenticated command injection in certificate import feature
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature...
FortiManager & FortiAnalyzer - Inter ADOM information leakage
An improper access control vulnerability CWE-284 in FortiManager and FortiAnalyzer management interface may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs' information such as device information and dashboard information...
FortiSOAR - OS Command Injection in Agent Password Field
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests...
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors...
FortiSOAR - Path traversal vulnerabilities in the web API
Multiple relative path traversal vulnerabilities CWE-23 in the web API of FortiSOAR may allow an authenticated attacker to write in the underlying filesystem with nginx permissions via crafted HTTP requests...
FortiADC -- Read-Only user able to modify system files
An improper privilege management vulnerability CWE-269 in FortiADC may allow a remote authenticated attacker with a restricted user profile to modify the system files using the shell access...
FortiAP & FortiAP-S & FortiAP-W2 & FortiAP-U - Command injection in CLI
An improper neutralization of special elements CWE-89 used in an OS command vulnerability CWE-78 in the command line interpreter of FortiAP, FortiAP-S, FortiAP-W2 and FortiAP-U may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...
FortiSOAR - Privilege escalation from nginx user to root
An improper privilege management vulnerability CWE-269 in FortiSOAR may allow a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...
A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt keytab values in FortiOS & FortiProxy may allow an attacker in possession of the encrypted secret to decipher it...
FortiSOAR - Server-Side Template Injection in Playbook component
An improper neutralization of special elements used in a template engine vulnerability CWE-1336 in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
FortiMail - Cross-site scripting (XSS) in Webmail
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiMail Webmail may allow an unauthenticated attacker to trigger a cross-site scripting XSS attack via sending specially crafted mail messages...
An improper verification of source of a communication channel vulnerability CWE-940 in FortiOS may allow a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. This is possible only...
FortiWeb - SQL Injection in delete filter component
An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 in FortiWeb delete log filter component may allow a privileged attacker to execute SQL commands over the log database via specifically crafted string parameters...
FortiADC - Unverified password change over the GUI
An unverified password change vulnerability CWE-620 in FortiADC may allow an authenticated attacker to bypass the Old Password check in the password change form for the account the attacker is logged into or for other accounts except admin when the attacker has Read Write access on System via a...
A format string vulnerability CWE-134 in the command line interpreter of FortiOS, FortiOS-6K7K, FortiProxy, FortiADC, and FortiMail may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
An improper access control vulnerability CWE-284 in FortiOS may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands...
A buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability CWE-120 in FortiAnalyzer, FortiManager, FortiOS and FortiProxy may allow a privileged attacker to execute arbitrary code or command via crafted CLI execute certificate remote, execute vpn certificate remote and...
FortiAnalyzer & FortiManager - OS command injection vulnerability in CLI
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiAnalyzer & FortiManager may allow an authenticated attacker to execute arbitrary shell code as root user via diagnose system CLI commands...
FortiADC - Multiple SQL Injection vulnerabilities in the management interface
Multiple improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerabilities CWE-89 in FortiADC management interface may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiManager & FortiAnalyzer - Privilege escalation vulnerability
A privilege chaining vulnerability CWE-268 in FortiManager and FortiAnalyzer may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system...
FortiEDR - Cross Site Scripting (XSS) vulnerabilities over the Management Console
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiEDR Central Manager may allow a remote authenticated attacker to perform a reflected cross site scripting attack XSS via injecting a malicious payload into the Management Console through various endpoints...
FortiDeceptor - Path traversal vulnerability
Multiple relative path traversal vulnerabilities CWE-23 in FortiDeceptor management interface may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests...
An integer overflow / wraparound vulnerability CWE-190 in the FortiOS, FortiProxy, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service...
FortiClient (Windows) - Privilege Escalation via directory traversal attack
A relative path traversal vulnerability CWE-23 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service...
FortiNAC - Unprotected MySQL root account
An empty password in configuration file vulnerability CWE-258 in FortiNAC may allow an authenticated attacker to access the MySQL databases via the CLI...
A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS and FortiProxy may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS may allow an unauthenticated remote attacker to perform a reflected cross site scripting XSS attack in the captive portal authentication replacement page...
FortiAP-U - Relative path traversal vulnerability in CLI
A path traversal vulnerability CWE-22 in FortiAP-U CLI may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...
FortiDDoS - Use of hardcoded key for the JWT token
A use of hard-coded cryptographic key vulnerability CWE-321 in FortiDDoS API may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device...
FortiAuthenticator - XSS vulnerability in OWA login page
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAuthenticator OWA Agent may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...
Multiple vulnerabilities in Apache Airflow
Security advisories were released affecting the version of Apache Airflow library used in some Fortinet products:...
An improper certificate validation vulnerability CWE-295 in FortiOS, FortiAnalyzer, FortiManager, and FortiSandbox may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers...
FortiTokenMobile - Missing digital certificate validation
An improper validation of certificate with host mismatch vulnerability CWE-297 in FortiTokenMobile may allow an unauthenticated user to spoof the validation server identity and achieve a Man-in-the-Middle attack...
FortiClient (Windows) - Arbitrary file write as SYSTEM
An execution with unnecessary privileges vulnerability CWE-250 in FortiClientWindows may allow a local attacker to perform an arbitrary file write on the system...
An improper certificate validation vulnerability CWE-295 in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms...
FortiIsolator -- Unauthorized user able to regenerate CA certificate
An improper access control vulnerability CWE-284 in FortiIsolator may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiProxy and FortiOS web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...
An improper access control vulnerability CWE-284 in FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...
Multiple vulnerabilities in PJSIP library
Some advisories were released affecting the version of PJSIP library used in some Fortinet products:...
A server-generated error message containing sensitive information vulnerability CWE-550 in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages...
FortiNAC - SQL Injection
Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerabilities CWE-89 in FortiNAC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters...
FortiSOAR - Improper access control on gateway API
An improper access control vulnerability CWE-284 in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests...
FortiClient - Privilege escalation in FortiClient installer
An external control of file name or path vulnerability CWE-73 in FortiClient Windows may allow an unprivileged attacker to delete or execute files with admin rights via the MSI installer...
FortiClient (Linux) - Improper directories permissions
An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...
FortiEDR - Denial of service due to folder access permission change
An improper control of a resource through its lifetime CWE-664 vulnerability in FortiEDR Collector may allow a privileged attacker to make the application unresponsive via changing its root directory access permission...
FortiClient (Windows) - privilege escalation in online installer due to incorrect working directory
An improper initialization CWE-665 vulnerability in FortiClient Windows may allow a local attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory...