Page 7 of 33 results (0.004 seconds)

CVSS: 9.8EPSS: 97%CPEs: 5EXPL: 8

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. Una limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") en Fortinet FortiOS versiones 6.0.0 a 6.0.4, 5.6.3 a 5.6.7 y 5.4.6 a 5.4.12 y FortiProxy versiones 2.0.0, 1. 2.0 a 1.2.8, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7 bajo el portal web SSL VPN permite a un atacante no autenticado descargar archivos del sistema a través de solicitudes de recursos HTTP especialmente diseñadas FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 suffer from a credential disclosure vulnerability. Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests. • https://www.exploit-db.com/exploits/47288 https://www.exploit-db.com/exploits/47287 https://github.com/milo2012/CVE-2018-13379 https://github.com/k4nfr3/CVE-2018-13379-Fortinet https://github.com/B1anda0/CVE-2018-13379 https://github.com/yukar1z0e/CVE-2018-13379 https://github.com/pwn3z/CVE-2018-13379-FortinetVPN https://github.com/nivdolgin/CVE-2018-13379 https://fortiguard.com/advisory/FG-IR-18-384 https://www.fortiguard.com/psirt/FG-IR-20-233 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. Una vulnerabilidad de Cross-site Scripting (XSS) en Fortinet FortiOS 6.0.0 a 6.0.4, 5.6.0 a 5.6.7, 5.4.0 a 5.4.12, 5.2 y posteriores y Fortinet FortiProxy versiones 2.0.0, 1.2.8 y versiones posteriores en el portal web SSL VPN permite al atacante ejecutar sin autorización código de script malicioso a través del error o los parámetros de manejo de mensajes • https://fortiguard.com/advisory/FG-IR-18-383 https://fortiguard.com/advisory/FG-IR-20-230 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. Un desbordamiento del búfer de la pila en Fortinet FortiOS versión 6.0.0 hasta 6.0.4, versión 5.6.0 hasta 5.6.10, versión 5.4.0 hasta 5.4.12, versión 5.2.14 y anteriores y FortiProxy versión 2.0.0, versión 1.2.8 y anteriores en el portal web de SSL VPN puede provocar la finalización del servicio web de SSL VPN para los usuarios registrados debido a un fallo en el manejo de los datos href de javascript al proxiar las páginas web A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users. • https://fortiguard.com/advisory/FG-IR-18-388 https://fortiguard.com/advisory/FG-IR-20-229 • CWE-787: Out-of-bounds Write •