Search KB

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe.

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to  perform a brute force attack on the affected endpoints via repeated login attempts.

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service.

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests.

A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs.

A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests.

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests.

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request.

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place.

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.