
CVE-2019-6693
https://notcve.org/view.php?id=CVE-2019-6693
21 Nov 2019 — Use of a hard-coded cryptographic key to encrypt sensitive data in the FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and the High Availability password (when set). • https://github.com/gquere/CVE-2019-6693 • CWE-798: Use of Hard-coded Credentials

CVE-2019-15703
https://notcve.org/view.php?id=CVE-2019-15703
24 Oct 2019 — An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication with the help of flush+reload side-channel attacks, in FortiGate VM models only. • https://fortiguard.com/psirt/FG-IR-19-186 • CWE-331: Insufficient Entropy

CVE-2018-13367
https://notcve.org/view.php?id=CVE-2018-13367
23 Aug 2019 — An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information, such as version and models, by parsing a JavaScript file through the admin web UI. • https://fortiguard.com/advisory/FG-IR-18-173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor