
CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

12 Apr 2021 — A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. • https://fortiguard.com/advisory/FG-IR-19-248 • CWE-787: Out-of-bounds Write

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

04 Mar 2021 — When traffic other than HTTP/S (e.g. SSH traffic, etc.) traverses the FortiGate in versions below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. • https://fortiguard.com/advisory/FG-IR-20-172

CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

21 Oct 2020 — A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users' passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. • https://www.fortiguard.com/psirt/FG-IR-20-009 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 5.3 | EPSS: 0% | CPEs: 36 | EXPL: 0

24 Sep 2020 — An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. • https://fortiguard.com/advisory/FG-IR-20-033

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Aug 2020 — A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. • https://www.fortiguard.com/psirt/FG-IR-19-037 • CWE-306: Missing Authentication for Critical Function

CVSS: 9.8 | EPSS: 2% | CPEs: 3 | EXPL: 0

24 Jul 2020 — An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. • https://fortiguard.com/psirt/FG-IR-19-283 • CWE-178: Improper Handling of Case Sensitivity • CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Jun 2020 — A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. • https://fortiguard.com/psirt/FG-IR-19-217 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

02 Apr 2020 — An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. • https://fortiguard.com/advisory/FG-IR-18-230 • CWE-20: Improper Input Validation

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

23 Jan 2020 — Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plain text private keys of system's built-in local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. • https://fortiguard.com/psirt/FG-IR-19-134 • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

27 Nov 2019 — An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. • https://fortiguard.com/advisory/FG-IR-19-236 • CWE-20: Improper Input Validation