649 matches found
FortiWeb - heap-based buffer overflow in API v1.0 controller
A heap-based buffer overflow CWE-122 vulnerability in FortiWeb may allow an authenticated attacker to execute arbitrary code or commands via crafted HTTP requests to the LogAccess and LogReport API controller...
FortiWLM - SQL Injection in script handlers
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiWLM may allow an unauthenticated user to taint database data and extract sensitive informations via crafted HTTP requests to alarm and device handlers...
Protect
A relative path traversal CWE-23 vulnerabiltiy in FortiOS and FortiProxy may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page...
FortiClient (Windows) - Web filter bypass
An improper authorization vulnerabiltiy CWE-285 in FortiClient Windows may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater...
FortiWLM - reflected cross-site scripting vulnerability in cgi_bin handlers
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiWLM may allow an authenticated user to perform an XSS attack via crafted HTTP GET requests...
Protect
An integer overflow or wraparound vulnerability CWE-190 in FortiOS SSLVPN memory allocator may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution...
Protect
A heap-based buffer overflow CWE-122 in the firmware signature verification function of FortiOS may allow an attacker to execute arbitrary code via specially crafted installation images...
FortiWeb - Unauthorized user is granted access to the Reports available in the Log & Report section
An improper access control vulnerability CWE-284 in the Report Browse section of FortiWeb's Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs...
FortiWeb - Open redirect due to missing domain whitelisting
A URL redirection to untrusted site 'Open Redirect' CWE-601 in FortiWeb may allow an authenticated attacker to use the device as proxy to reach any protected host via crafted HTTP requests...
FortiClientEMS - Sensitive information leak
A missing encryption of sensitive data vulnerability CWE-311 in FortiClientEMS may allow an authenticated attacker to view sensitive information in clear text via any browser development tools...
FortiWeb - Heap-based buffer overflows in API controller
Multiple heap-based buffer overflow vulnerabilities CWE-122 in web API controllers of FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests...
Protect
A download of code without integrity check vulnerability CWE-494 in the "execute restore src-vis" command of FortiOS may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages...
Meru AP - Unrestricted execution of OS commands as root
An improper sanitization of commands elements OS Command Injection vulnerability CWE-78 in Meru AP may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted commands in Meru AP's CLI...
FortiWeb - Stack-based buffer overflow due to type mismatch
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via SAML login using a crafted certificate...
Protect
An insufficient verification of data authenticity vulnerability CWE-345 in the user interface of FortiProxy and FortiGate SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery CSRF attack . Only SSL VPN in web mode or full mode are impacted by this...
FortiWeb - Multiple command injection vulnerabilities
Multiple command injection vulnerabilities CWE-78 in the command line interpreter of FortiWeb may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments...
FortiClient (Windows) - Denial of service due to folder access permission change
An improper control of a resource through its lifetime CWE-664 vulnerability in FortiClient Windows may allow a privileged attacker to make the whole application unresponsive via changing its root directory access permission...
FortiWeb - Incorrect handling of large requests leads to denial of service
An uncontrolled resource consumption vulnerability CWE-400 in FortiWeb may allow an unauthenticated attacker to cause a Denial of Service to the FortiWeb's HTTP daemon via sending a large amount of crafted HTTP requests...
Protect
An improper access control vulnerability CWE-284 in FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted configuration of fabric automation CLI script and auto-script features...
FortiWeb - OS command injection
Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
FortiClientWindows & FortiClient EMS - Privilege escalation via DLL Hijacking
An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...
FortiPortal - XML parser is vulnerable to XXE attacks
An improper restriction of XML external entity reference vulnerability CWE-611 in the parser of XML responses of FortiPortal may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file...
FortiWLM - Command injection in script handlers
An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWLM may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests to various controllers...
FortiSIEM - privilege escalation by script executionution in Windows Agent
An improper privilege management vulnerability CWE-269 in the FortiSIEM Windows Agent may allow an authenticated user to execute unauthorized code or commands as a privileged user via script execution...
FortiSIEM - plaintext storage of sensitive data in Windows Agent
A plaintext storage of a password vulnerability CWE-256 in the FortiSIEM Windows Agent may allow an authenticated user to impersonate the agent registered to the Supervisor via reading specific log files...
FortiAnalyzer - XSS vulnerability
An improper neutralization of input during web page generation CWE-79 in FortiAnalyzer may allow an attacker to perform a stored Cross Site Scripting XSS attack via specifically crafted requests to the web GUI...
FortiPortal - XSS vulnerability
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiPortal GUI may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid...
FortiWeb - Uncontrolled resource consumption
An uncontrolled resource consumption vulnerability CWE-400 in FortiWeb may allow an unauthenticated attacker to cause a denial of service via crafted HTTP requests to proxy services...
FortiClient (MacOS) - Dylib injection Vulnerability observed in FortiClientMacOS
An improper control of generation of code vulnerability CWE-94 in FortiClient for MacOS may allow an authenticated attacker to hijack the MacOS camera via replacing the FortiClient camera handling library with a malicious one...
FortiPortal - Reflected cross-site scripting due to wrong sanitization context
Multiple improper neutralization of input during web page generation vulnerabilities CWE-79 in both the customer and provider interfaces of FortiPortal may allow an attacker to perform reflected Cross-site scripting attacks via specially crafted HTTP request parameters...
Multiple Products - Retrieval of sensitive information in cleartext via GUI
A cleartext storage of sensitive information in the GUI of FortiADC, FortiSIEM, FortiDDoS, FortiDDoS-CM and FortiDDoS-F may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords, RADIUS shared secret and the Elastic Cloud database password by...
FortiPortal - Uncontrolled memory allocation
A memory allocation with excessive size value vulnerability CWE-789 in the license verification function of FortiPortal may allow an attacker to perform a denial of service attack via specially crafted license blobs...
FortiManager - ADOMs script information leaked in FortiGate CLI
An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiManager may allow a FortiGate user to see scripts from other ADOMS...
FortiWLM - SQL Injection in script handlers
An improper neutralization of special elements CWE-79 used in an SQL command vulnerability 'SQL Injection' CWE-89 in FortiWLM may allow an authenticated attacker to disclose sensitive information via crafted HTTP requests to various controllers...
Protect
An improper validation of certificate with host mismatch CWE-297 vulnerability in FortiOS may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials...
FortiClient (Windows) - Privilege escalation vulnerability
An improper authorization vulnerability CWE-285 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...
FortiPortal - Denial of service vulnerabilities
Multiple uncontrolled resource consumption vulnerabilities CWE-400 in the web interface of FortiPortal may allow a single low-privileged user to induce a denial of service via multiple HTTP requests...
FortiPortal - Improper thread synchronization for database operations
A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' CWE-362 in the customer database interface of FortiPortal may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...
FortiWeb - Stack-Based Buffer Overflow vulnerability
A stack-based buffer overflow CWE-121 vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the content of the stack and potentially execute arbitrary code by sending crafted HTTP requests with large request parameter values...
FortiClientEMS - Authenticated Injection vulnerabilities
An improper neutralization of input vulnerability CWE-79 in FortiClientEMS may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...
FortiManager - Improper Inter ADOM access control
An improper access control vulnerability CWE-284 in FortiManager may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...
FortiSDNConnector - Credential leak
An insufficiently protected credentials vulnerability CWE-522 in FortiSDNConnector may allow an authenticated user to obtain third party device credentials via visiting the configuration page in the WebUI...
FortiAnalyzer - XSS vulnerability observed in the Column settings of LogView
An improper neutralization of input vulnerability CWE-79 in FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other,...
FortiAnalyzer & FortiManager - Forticloud credentials observed in cleartext in the logfile
An information disclosure vulnerability CWE-200 in FortiAnalyzer and FortiManager VM may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext...
FortiWebManager - Injection vulnerabilities
An improper neutralization of input vulnerability CWE-79 in FortiWebManager may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device...
FortiClientEMS - Directory Traversal vulnerability
A path traversal vulnerability CWE-22 in FortiClientEMS may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...
FortiSandbox - Buffer overflow due to use of size of source buffer in libc safe functions
A stack-based buffer overflow vulnerability CWE-121Â in the profile parser of FortiSandbox may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...
FortiClientEMS - Session cookie does not expire after logout
An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
Insufficient validation logic in Fortisandbox sniffer's max file size
An improper input validation vulnerability in the sniffer interface of FortiSandbox may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests...
FortiManager - Excel formula injection in P&O IPv4 Policy names Vulnerability
An improper neutralization of formula elements vulnerability CWE 1236 in FortiManager may allow a local authenticated privileged attacker to execute arbitrary shell code on the end-user's host via inserting CSV formula in the policy names. This is achieved once the user downloads and opens the...