
CVSS: 6.1 • EPSS: 0% • CPEs: 11 • EXPL: 0

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows an attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. • http://www.securityfocus.com/bid/98048 http://www.securitytracker.com/id/1038367 https://fortiguard.com/psirt/FG-IR-17-017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 26 • EXPL: 0

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. • http://www.securityfocus.com/bid/98514 http://www.securitytracker.com/id/1038541 https://fortiguard.com/psirt/FG-IR-17-057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.9 • EPSS: 0% • CPEs: 26 • EXPL: 0

Long-lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPS engine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. • http://fortiguard.com/advisory/FG-IR-16-088 http://www.securityfocus.com/bid/94477 • CWE-254: 7PK - Security Features

CVSS: 4.9 • EPSS: 0% • CPEs: 12 • EXPL: 0

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. • http://fortiguard.com/advisory/FG-IR-16-050 http://www.securityfocus.com/bid/94690 http://www.securitytracker.com/id/1037394 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.9 • EPSS: 0% • CPEs: 9 • EXPL: 0

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. • http://www.securityfocus.com/bid/94480 https://fortiguard.com/advisory/FG-IR-16-067 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor