Summary
| Detail | |||
|---|---|---|---|
| Vendor | Fortinet | First view | 2014-08-25 |
| Product | Fortios | Last view | 2024-03-12 |
| Version | 5.0.7 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:fortinet:fortios | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2024-03-12 | CVE-2024-23112 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation. |
| 8.8 | 2024-03-12 | CVE-2023-46717 | An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts. |
| 8.1 | 2024-03-12 | CVE-2023-42790 | A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. |
| 9.8 | 2024-03-12 | CVE-2023-42789 | A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. |
| 9.8 | 2024-02-15 | CVE-2024-23113 | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. |
| 4.8 | 2024-02-15 | CVE-2023-47537 | An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 and 7.4.0 - 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. |
| 9.8 | 2024-02-09 | CVE-2024-21762 | A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests |
| 5.3 | 2023-12-13 | CVE-2023-47536 | An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update. |
| 8.8 | 2023-12-13 | CVE-2023-36639 | A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. |
| 6.5 | 2023-11-14 | CVE-2023-36641 | A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests. |
| 6.7 | 2023-11-14 | CVE-2023-28002 | An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. |
| 8.8 | 2023-10-10 | CVE-2023-41841 | An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. |
| 5.3 | 2023-10-10 | CVE-2023-41675 | A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. |
| 7.5 | 2023-10-10 | CVE-2023-40718 | A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. |
| 7.5 | 2023-10-10 | CVE-2023-37935 | A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. |
| 5.4 | 2023-10-10 | CVE-2023-36555 | An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. |
| 4.3 | 2023-10-10 | CVE-2023-33301 | An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. |
| 5.4 | 2023-09-13 | CVE-2023-29183 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting. |
| 4.2 | 2023-09-01 | CVE-2022-22305 | An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. |
| 6.7 | 2023-08-17 | CVE-2023-29182 | A stack-based buffer overflow vulnerability [CWE-121]Â in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections. |
| 9.8 | 2023-07-26 | CVE-2023-33308 | A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. |
| 6.7 | 2023-07-18 | CVE-2021-43072 | A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol. |
| 9.8 | 2023-07-11 | CVE-2023-28001 | An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API. |
| 3.3 | 2023-07-11 | CVE-2022-22302 | A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem. |
| 6.5 | 2023-06-16 | CVE-2023-33307 | A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 17% (21) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 11% (14) | CWE-787 | Out-of-bounds Write |
| 8% (10) | CWE-200 | Information Exposure |
| 5% (7) | CWE-295 | Certificate Issues |
| 4% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 3% (4) | CWE-287 | Improper Authentication |
| 3% (4) | CWE-134 | Uncontrolled Format String |
| 3% (4) | CWE-20 | Improper Input Validation |
| 2% (3) | CWE-798 | Use of Hard-coded Credentials |
| 2% (3) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 2% (3) | CWE-345 | Insufficient Verification of Data Authenticity |
| 2% (3) | CWE-312 | Cleartext Storage of Sensitive Information |
| 2% (3) | CWE-310 | Cryptographic Issues |
| 2% (3) | CWE-269 | Improper Privilege Management |
| 1% (2) | CWE-476 | NULL Pointer Dereference |
| 1% (2) | CWE-203 | Information Exposure Through Discrepancy |
| 0% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
| 0% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (1) | CWE-639 | Access Control Bypass Through User-Controlled Key |
| 0% (1) | CWE-613 | Insufficient Session Expiration |
| 0% (1) | CWE-532 | Information Leak Through Log Files |
| 0% (1) | CWE-494 | Download of Code Without Integrity Check |
| 0% (1) | CWE-436 | Interpretation Conflict |
| 0% (1) | CWE-416 | Use After Free |
| 0% (1) | CWE-354 | Improper Validation of Integrity Check Value |
SAINT Exploits
| Description | Link |
|---|---|
| FortiOS Fortimanager_Access SSH account backdoor | More info here |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51470 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51469 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51468 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51467 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51466 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51465 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-01 | Fortinet Fortigate SSL VPN improper authorization attempt RuleID : 51387 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-01 | Fortigate SSL VPN javascript parsing heap buffer overflow attempt RuleID : 51376 - Type : SERVER-OTHER - Revision : 1 |
| 2019-10-01 | Fortigate SSL VPN javascript parsing heap buffer overflow attempt RuleID : 51375 - Type : SERVER-OTHER - Revision : 1 |
| 2019-10-01 | Fortinet FortiOS SSL VPN web portal directory traversal attempt RuleID : 51372 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-01 | Fortinet FortiOS SSL VPN web portal directory traversal attempt RuleID : 51371 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-01 | Fortinet FortiOS SSL VPN web portal directory traversal attempt RuleID : 51370 - Type : SERVER-WEBAPP - Revision : 1 |
| 2018-02-08 | Fortinet FortiOS redir parameter cross site scripting attempt RuleID : 45401 - Type : SERVER-WEBAPP - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-12-05 | Name: The remote host is affected by an information disclosure vulnerability. File: fortios_FG-IR-18-325.nasl - Type: ACT_GATHER_INFO |
| 2018-10-05 | Name: The remote host is affected by an information disclosure vulnerability. File: fortios_FG-IR-18-085.nasl - Type: ACT_GATHER_INFO |
| 2018-06-29 | Name: The remote host is affected by multiple vulnerabilities. File: fortios_FG-IR-18-027.nasl - Type: ACT_GATHER_INFO |
| 2018-06-08 | Name: The remote host is affected by multiple vulnerabilities. File: fortios_FG-IR-17-245.nasl - Type: ACT_GATHER_INFO |
| 2018-02-02 | Name: The remote host is affected by a cross-site scripting vulnerability. File: fortios_FG-IR-17-262.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The remote host is affected by a cross-site scripting vulnerability. File: fortios_FG-IR-17-242.nasl - Type: ACT_GATHER_INFO |
| 2017-08-02 | Name: The remote host is affected by multiple vulnerabilities. File: fortios_FG-IR-17-104.nasl - Type: ACT_GATHER_INFO |
| 2017-05-24 | Name: The remote host is affected by a cross-site scripting vulnerability. File: fortios_FG-IR-17-057.nasl - Type: ACT_GATHER_INFO |
| 2016-12-01 | Name: The remote host is affected by a security bypass vulnerability. File: fortios_CVE-2016-7541.nasl - Type: ACT_GATHER_INFO |
| 2016-01-13 | Name: The SSH server running on the remote host can be logged into using default SS... File: fortios_ssh_backdoor.nasl - Type: ACT_ATTACK |
| 2015-09-11 | Name: The remote host supports weak ciphers File: fortios_FG-IR-15-021.nasl - Type: ACT_GATHER_INFO |
| 2014-09-30 | Name: The remote host is affected by multiple vulnerabilities. File: fortios_FG-IR-14-006.nasl - Type: ACT_GATHER_INFO |
