CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-26110
https://notcve.org/view.php?id=CVE-2021-26110
08 Dec 2021 — An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. Una vulnerabilidad de control de acceso inapropiado [CWE-284] en el demonio autod de FortiOS versiones 7.0.0, 6.4.6 y anteriores, 6.2.9 y ant... • https://fortiguard.com/advisory/FG-IR-20-131 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-32600
https://notcve.org/view.php?id=CVE-2021-32600
17 Nov 2021 — An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list. Una vulnerabilidad de exposición de información confidencial a un actor no autorizado en FortiOS CLI versiones 7.0.0, 6.4.0 a 6.4.6, 6.2.0 a 6.2.9, 6.0.x y 5.6.x, puede permitir a un usuar... • https://fortiguard.com/advisory/FG-IR-20-243 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-24018
https://notcve.org/view.php?id=CVE-2021-24018
04 Aug 2021 — A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image. Una vulnerabilidad de subescritura del búfer en la rutina de verificación del firmware de FortiOS versiones anteriores a 7.0.1, puede permitir a un atacante ubicado en la red adyacente ejecutar potencialmente código arbitrario por medio de una imagen de firmware específicamente dis... • https://fortiguard.com/advisory/FG-IR-21-046 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 0CVE-2019-17656
https://notcve.org/view.php?id=CVE-2019-17656
12 Apr 2021 — A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en el demonio HTTPD de FortiOS version... • https://fortiguard.com/advisory/FG-IR-19-248 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15938
https://notcve.org/view.php?id=CVE-2020-15938
04 Mar 2021 — When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. Cuando el tráfico que no es HTTP/S (por ejemplo: tráfico SSH, etc.) atraviesa el FortiGate en versiones inferiores a 6.2.5 y por debajo de 6.4.2 en el puerto 80/443, no se redirecciona hacia la política de proxy transparente para su procesamiento, ya que no presenta ... • https://fortiguard.com/advisory/FG-IR-20-172 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6648
https://notcve.org/view.php?id=CVE-2020-6648
21 Oct 2020 — A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. Un vulnerabilidad almacenamiento de información confidencial en texto sin cifrar en la interfaz de línea de comandos de FortiOS en las versiones 6.2.4 y anteriores y Forti... • https://www.fortiguard.com/psirt/FG-IR-20-009 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 0CVE-2020-12818
https://notcve.org/view.php?id=CVE-2020-12818
24 Sep 2020 — An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. Una vulnerabilidad de registro insuficiente en FortiGate versiones anteriores a 6.4.1, puede permitir que el tráfico de un atacante no autenticado hacia direcciones IP propiedad de Fortinet pase desapercibido. • https://fortiguard.com/advisory/FG-IR-20-033 •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-5591 – Fortinet FortiOS Default Configuration Vulnerability
https://notcve.org/view.php?id=CVE-2019-5591
14 Aug 2020 — A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. Una vulnerabilidad de Configuración Predeterminada en FortiOS puede permitir a un atacante no autenticado en la misma subred interceptar información confidencial al hacerse pasar por el servidor LDAP. Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to interce... • https://www.fortiguard.com/psirt/FG-IR-19-037 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 50%CPEs: 3EXPL: 0CVE-2020-12812 – Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2020-12812
24 Jul 2020 — An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. Una vulnerabilidad de autenticación inapropiada en SSL VPN en FortiOS versiones 6.4.0, 6.2.0 a 6.2.3, 6.0.9 y posteriores, puede resultar en que un usuario sea capaz de iniciar sesión con éxito sin que sea requerido el segundo factor d... • https://fortiguard.com/psirt/FG-IR-19-283 • CWE-178: Improper Handling of Case Sensitivity CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17655
https://notcve.org/view.php?id=CVE-2019-17655
16 Jun 2020 — A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. Una vulnerabilidad de almacenamiento de texto claro en un archivo o en el disco (CWE-313) en FortiOS SSL VPN versión 6.2.0 hasta la versión 6.2.2, versión 6.0.9 y anteriores y FortiP... • https://fortiguard.com/psirt/FG-IR-19-217 • CWE-312: Cleartext Storage of Sensitive Information •