12 results (0.003 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins. Una exposición de información confidencial del sistema a una vulnerabilidad de esfera de control no autorizada [CWE-497] en FortiADC versión 7.4.1 e inferior, versión 7.2.3 e inferior, versión 7.1.4 e inferior, versión 7.0.5 e inferior, versión 6.2. 6 y siguientes pueden permitir que un administrador de solo lectura vea datos pertenecientes a otros administradores. • https://fortiguard.com/psirt/FG-IR-23-433 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. Una vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un comando de sistema operativo [CWE-78] en la interfaz de administración de FortiADC 7.1.0 a 7.1.1, 7.0.0 a 7.0.3, 6.2.0 a 6.2.5 y 6.1.0 Todas las versiones pueden permitir que un atacante autenticado ejecute comandos no autorizados mediante argumentos específicamente manipulados para comandos existentes. • https://fortiguard.com/psirt/FG-IR-22-310 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. • https://fortiguard.com/psirt/FG-IR-22-335 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands. • https://fortiguard.com/psirt/FG-IR-22-046 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. Existe un manejo inadecuado de la vulnerabilidad de solicitud con formato incorrecto [CWE-228] en FortiADC 5.0 todas las versiones, 6.0.0 todas las versiones, 6.1.0 todas las versiones, 6.2.0 a 6.2.3 y 7.0.0 a 7.0.2. Esto puede permitir a un atacante remoto sin privilegios eludir alguna protección del Firewall de aplicaciones web (WAF), como la inyección SQL y los filtros XSS, a través de una solicitud HTTP con formato incorrecto. • https://fortiguard.com/psirt/FG-IR-22-234 •