CVE-2016-6909 – Fortigate Firewalls - 'EGREGIOUSBLUNDER' Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-6909
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. Desbordamiento de búfer en el analizador Cookie en Fortinet FortiOS 4.x en versiones anteriores a 4.1.11, 4.2.x en versiones anteriores a 4.2.13 y 4.3.x en versiones anteriores a 4.3.9 y FortiSwitch en versiones anteriores a 3.4.3 permite a atacantes remotos ejecutar código arbitrario a través de una petición HTTP manipulada, también conocido como EGREGIOUSBLUNDER. • https://www.exploit-db.com/exploits/40276 http://fortiguard.com/advisory/FG-IR-16-023 http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html http://www.securityfocus.com/bid/92523 http://www.securitytracker.com/id/1036643 https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3978
https://notcve.org/view.php?id=CVE-2016-3978
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." La Web User Interface (WebUI) en FortiOS 5.0.x en versiones anteriores a 5.0.13, 5.2.x en versiones anteriores a 5.2.3 y 5.4.x en versiones anteriores a 5.4.0 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing o ataques de XSS a través del parámetro "redirect" en "login". • http://seclists.org/fulldisclosure/2016/Mar/68 http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability http://www.securitytracker.com/id/1035332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1909 – Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Access
https://notcve.org/view.php?id=CVE-2016-1909
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. Fortinet FortiAnalyzer en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.5; FortiSwitch 3.3.x en versiones anteriores a 3.3.3; FortiCache 3.0.x en versiones anteriores a 3.0.8; y FortiOS 4.1.x en versiones anteriores a 4.1.11, 4.2.x en versiones anteriores a 4.2.16, 4.3.x en versiones anteriores a 4.3.17 y 5.0.x en versiones anteriores a 5.0.8 tienen una frase de contraseña embebida para la cuenta Fortimanager_Access, lo que permite a atacantes remotos obtener acceso administrativo a través de una sesión SSH. • https://www.exploit-db.com/exploits/43386 http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios http://packetstormsecurity.com/files/135225/FortiGate-OS-5.0.7-SSH-Backdoor.html http://seclists.org/fulldisclosure/2016/Jan/26 http://www.fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability http://www.securitytracker.com/id/1034663 https://twitter.com/esizkur/status/686842135501508608 https://www.exploit-db.com/exploits/39224 https://seclists.org/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-2323
https://notcve.org/view.php?id=CVE-2015-2323
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets. Vulnerabilidad en FortiOS 5.0.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.4 admite el anonimato, exportación, RC4 y posiblemente otros cifrados débiles al utilizar TLS para conectarse a los servidores de FortiGuard, lo que permite a atacantes man-in-the-middle suplantar contenido TLS mediante la modificación de los paquetes. • http://fortiguard.com/advisory/2015-07-24-weak-ciphers-suites-are-presented-towards-fortiguard-servers http://www.fortiguard.com/advisory/FG-IR-15-021 http://www.securitytracker.com/id/1033092 • CWE-310: Cryptographic Issues •
CVE-2015-3626
https://notcve.org/view.php?id=CVE-2015-3626
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname. Vulnerabilidad de XSS en la página DHCP Monitor en la Web User Interface (WebUI) en Fortinet FortiOS en versiones anteriores a 5.2.4 en dispositivos FortiGate permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de host manipulado. • http://fortiguard.com/advisory/dhcp-hostname-html-injection http://www.fortiguard.com/advisory/FG-IR-15-018 http://www.fortiguard.com/advisory/dhcp-hostname-html-injection http://www.securitytracker.com/id/1033144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •