CVE-2012-4948
https://notcve.org/view.php?id=CVE-2012-4948
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities. La configuración predeterminada de Fortinet FortiGate UTM utiliza el mismo certificado de la autoridad de certificación (CA) y la misma clave privada en instalaciones de diferentes clientes, lo que hace que sea más fácil para atacantes MITM (man-in-the-middle) a la hora de falsificar servidores SSL, aprovechando la presencia del certificado Fortinet_CA_SSLProxy en una lista de confianza de la autoridad de certificación raíz. • http://osvdb.org/87048 http://www.kb.cert.org/vuls/id/111708 http://www.securityfocus.com/bid/56382 • CWE-295: Improper Certificate Validation •
CVE-2008-7161 – Fortinet Fortigate - CRLF Characters URL Filtering Bypass
https://notcve.org/view.php?id=CVE-2008-7161
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058. Fortinet FortiGuard Fortinet FortiGate-1000 v3.00 build 040075,070111 permite a atacantes remotos evitar el filtrado URL a través de una petición GET o POST fragmentada que utiliza HTTP/1.0 sin la cabecera Host. Nota: este caso podría estar relacionado con CVE-2005-3058. • https://www.exploit-db.com/exploits/31026 http://www.securityfocus.com/archive/1/485794/100/200/threaded http://www.securityfocus.com/archive/1/485813/100/200/threaded http://www.securityfocus.com/bid/27276 https://exchange.xforce.ibmcloud.com/vulnerabilities/39684 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-3057
https://notcve.org/view.php?id=CVE-2005-3057
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html http://marc.info/?l=bugtraq&m=113986337408103&w=2 http://secunia.com/advisories/18844 http://www.securityfocus.com/bid/16597 http://www.vupen.com/english/advisories/2006/0539 https://exchange.xforce.ibmcloud.com/vulnerabilities/24624 •
CVE-2005-3058 – Fortinet Fortigate 2.x/3.0 - URL Filtering Bypass
https://notcve.org/view.php?id=CVE-2005-3058
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616. • https://www.exploit-db.com/exploits/27203 http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html http://secunia.com/advisories/18844 http://www.fortiguard.com/advisory/FGA-2006-10.html http://www.securityfocus.com/archive/1/424858/100/0/threaded http://www.securityfocus.com/bid/16599 http://www.vupen.com/english/advisories/2006/0539 https://exchange.xforce.ibmcloud.com/vulnerabilities/24626 • CWE-264: Permissions, Privileges, and Access Controls •