649 matches found
FortiWLM - stored cross-site scripting in hotspot profile controller
An improper neutralization of input during web page generation vulnerability 'Cross-site Scripting' CWE-79 in FortiWLM may allow an authenticated attacker to perform a stored cross site scripting attack XSS via storing malicious payloads and trigger the attack on victim's client via various...
FortiClient (Windows) - Web filter bypass
An improper authorization vulnerability CWE-285 in FortiClient Windows may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter...
FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability
A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network adjacent attacker to perform a...
FortiWeb - heap-based buffer overflow in API v1.0 controller
A heap-based buffer overflow CWE-122 vulnerability in FortiWeb may allow an authenticated attacker to execute arbitrary code or commands via crafted HTTP requests to the LogAccess and LogReport API controller...
FortiClientEMS - Sensitive information leak
A missing encryption of sensitive data vulnerability CWE-311 in FortiClientEMS may allow an authenticated attacker to view sensitive information in clear text via any browser development tools...
FortiWeb - Stack-based buffer overflow due to type mismatch
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via SAML login using a crafted certificate...
FortiWeb - Heap-based buffer overflows in API controller
Multiple heap-based buffer overflow vulnerabilities CWE-122 in web API controllers of FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests...
FortiWeb - Stack-based buffer overflows in API controllers
Multiple stack-based buffer overflows CWE-121 in the API controllers of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...
FortiWLM - SQL Injection in script handlers
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiWLM may allow an unauthenticated user to taint database data and extract sensitive information via crafted HTTP requests to alarm and device handlers...
FortiNAC - improper permissions set for tomcat users configuration file
An incorrect permission assignment for a critical resource vulnerability CWE-732 in FortiNAC may allow an authenticated attacker to access sensitive system data and, as a consequence, raise the authenticated user's privilege to admin...
Protect
An insufficient verification of data authenticity vulnerability CWE-345 in the user interface of FortiProxy and FortiGate SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery CSRF attack. Only SSL VPN in web mode or full mode are impacted by this...
FortiWeb - Open redirect in redir handler due to direct input interpolation
A URL redirection to untrusted site 'Open Redirect' CWE-601 vulnerability in FortiWeb may allow an authenticated attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...
Protect
A heap-based buffer overflow CWE-122 in the firmware signature verification function of FortiOS may allow an attacker to execute arbitrary code via specially crafted installation images...
FortiAuthenticator - "Mandatory password and OTP" setting not enforcing OTP on unimported remote users
An incorrect implementation of authentication algorithm vulnerability CWE-303 in FortiAuthenticator may allow a user whose LDAP account is unimported to bypass the second factor of authentication via a RADIUS login portal...
Protect
A use of hard-coded cryptographic key vulnerability CWE-321 in FortiOS SSLVPN may allow an attacker to retrieve the key by reverse engineering...
FortiWeb - Reflected cross-site scripting vulnerability in login handler
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiWeb may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the login webpage...
Protect
A relative path traversal CWE-23 vulnerability in FortiOS and FortiProxy may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page...
FortiClient EMS - SAML SSO replay attack
An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...
FortiWLM - reflected cross-site scripting vulnerability in cgi_bin handlers
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiWLM may allow an authenticated user to perform an XSS attack via crafted HTTP GET requests...
FortiWeb - Path traversal in API controller
Multiple relative path traversal vulnerabilities CWE-23 in the API of FortiWeb may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...
FortiClientWindows & FortiClient EMS - Privilege escalation via DLL Hijacking
An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...
FortiPortal - XSS vulnerability
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiPortal GUI may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid...
FortiManager - ADOMs script information leaked in FortiGate CLI
An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiManager may allow a FortiGate user to see scripts from other ADOMs...
FortiPortal - Reflected cross-site scripting due to wrong sanitization context
Multiple improper neutralization of input during web page generation vulnerabilities CWE-79 in both the customer and provider interfaces of FortiPortal may allow an attacker to perform reflected Cross-site scripting attacks via specially crafted HTTP request parameters...
FortiWLM - SQL Injection in script handlers
An improper neutralization of special elements CWE-79 used in an SQL command vulnerability 'SQL Injection' CWE-89 in FortiWLM may allow an authenticated attacker to disclose sensitive information via crafted HTTP requests to various controllers...
FortiWeb - Uncontrolled resource consumption
An uncontrolled resource consumption vulnerability CWE-400 in FortiWeb may allow an unauthenticated attacker to cause a denial of service via crafted HTTP requests to proxy services...
FortiWeb - Stack-Based Buffer Overflow vulnerability
A stack-based buffer overflow CWE-121 vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the content of the stack and potentially execute arbitrary code by sending crafted HTTP requests with large request parameter values...
FortiPortal - Improper thread synchronization for database operations
A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' CWE-362 in the customer database interface of FortiPortal may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...
Protect
An improper validation of certificate with host mismatch CWE-297 vulnerability in FortiOS may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials...
FortiAnalyzer - XSS vulnerability
An improper neutralization of input during web page generation CWE-79 in FortiAnalyzer may allow an attacker to perform a stored Cross Site Scripting XSS attack via specifically crafted requests to the web GUI...
FortiWLM - Command injection in script handlers
An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWLM may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests to various controllers...
FortiClientEMS - Authenticated Injection vulnerabilities
An improper neutralization of input vulnerability CWE-79 in FortiClientEMS may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...
FortiPortal - Denial of service vulnerabilities
Multiple uncontrolled resource consumption vulnerabilities CWE-400 in the web interface of FortiPortal may allow a single low-privileged user to induce a denial of service via multiple HTTP requests...
FortiClient (Windows) - Privilege escalation vulnerability
An improper authorization vulnerability CWE-285 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiClient updates...
FortiManager - Improper Inter ADOM access control
An improper access control vulnerability CWE-284 in FortiManager may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...
Multiple Products - Retrieval of sensitive information in cleartext via GUI
A cleartext storage of sensitive information in the GUI of FortiADC, FortiSIEM, FortiDDoS, FortiDDoS-CM and FortiDDoS-F may allow a remote authenticated attacker to retrieve some sensitive information such as users' LDAP passwords, RADIUS shared secret and the Elastic Cloud database password by...
FortiSIEM - privilege escalation by script execution in Windows Agent
An improper privilege management vulnerability CWE-269 in the FortiSIEM Windows Agent may allow an authenticated user to execute unauthorized code or commands as a privileged user via script execution...
FortiClient (MacOS) - Dylib injection Vulnerability observed in FortiClientMacOS
An improper control of generation of code vulnerability CWE-94 in FortiClient for MacOS may allow an authenticated attacker to hijack the MacOS camera via replacing the FortiClient camera handling library with a malicious one...
FortiPortal - Uncontrolled memory allocation
A memory allocation with excessive size value vulnerability CWE-789 in the license verification function of FortiPortal may allow an attacker to perform a denial of service attack via specially crafted license blobs...
FortiPortal - XML parser is vulnerable to XXE attacks
An improper restriction of XML external entity reference vulnerability CWE-611 in the parser of XML responses of FortiPortal may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file...
FortiSIEM - plaintext storage of sensitive data in Windows Agent
A plaintext storage of a password vulnerability CWE-256 in the FortiSIEM Windows Agent may allow an authenticated user to impersonate the agent registered to the Supervisor via reading specific log files...
FortiClientEMS - Session cookie does not expire after logout
An insufficient session expiration vulnerability CWE-613 in FortiClientEMS may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
FortiSandbox - Buffer overflow due to use of size of source buffer in libc safe functions
A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...
FortiWebManager - Injection vulnerabilities
An improper neutralization of input vulnerability CWE-79 in FortiWebManager may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device...
FortiClientEMS - Directory Traversal vulnerability
A path traversal vulnerability CWE-22 in FortiClientEMS may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...
FortiAnalyzer & FortiManager - Forticloud credentials observed in cleartext in the logfile
An information disclosure vulnerability CWE-200 in FortiAnalyzer and FortiManager VM may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext...
FortiAnalyzer - XSS vulnerability observed in the Column settings of LogView
An improper neutralization of input vulnerability CWE-79 in FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other,...
FortiSDNConnector - Credential leak
An insufficiently protected credentials vulnerability CWE-522 in FortiSDNConnector may allow an authenticated user to obtain third party device credentials via visiting the configuration page in the WebUI...
FortiWeb - Multiple stack-based buffer overflow vulnerabilities in CLI command
Multiple stack-based buffer overflow vulnerabilities in FortiWeb CLI interface may allow an authenticated attacker to execute unauthorized code or commands via config backup arguments...
Protect
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context...