Fortinet FortiOS vulnerabilities
42 known vulnerabilities affecting fortinet/fortinet_fortios.

Total CVEs: 42
CISA KEV (actively exploited): 3
Public exploits: 1
Exploited in the wild: 3
Severity breakdown: CRITICAL 2, HIGH 15, MEDIUM 23, LOW 2

Vulnerabilities (page 2 of 3)
Each entry gives the CVE ID, severity, CVSS score, CWE where the page lists one, KEV/PoC flags, affected versions as listed, publication date, the description, and the sources cited (cvelistv5, nvd).

CVE-2021-41019 | MEDIUM | CVSS 6.5 | CWE-295 (the description cites CWE-297) | published 2021-11-02
Affected: FortiOS 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in the GUI, leading to disclosure of sensitive information, such as AD credentials.
Sources: cvelistv5, nvd

CVE-2021-24018 | HIGH | CVSS 8.8 | CWE-787 | published 2021-08-04
Affected: FortiOS before 7.0.1
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
Sources: cvelistv5, nvd

CVE-2021-24012 | HIGH | CVSS 7.3 | CWE-295 | published 2021-06-02
Affected: FortiOS 6.4.0 to 6.4.4
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSL VPN with any certificate that is signed by a trusted Certificate Authority.
Sources: cvelistv5, nvd

CVE-2020-15938 | HIGH | CVSS 7.5 | published 2021-03-04
Affected: versions below 6.4.2 and below 6.2.5 (the page lists 6.4.2 and 6.2.5, the boundary versions named in the description)
When traffic other than HTTP/S (e.g. SSH) traverses the FortiGate on port 80/443 in versions below 6.2.5 and below 6.4.2, it is not redirected to the transparent proxy policy for processing, because it does not carry a valid HTTP header.
Sources: cvelistv5, nvd

CVE-2020-15937 | MEDIUM | CVSS 6.1 | CWE-79 | published 2021-03-03
Affected: 6.2.x below 6.2.5 and 6.4.x below 6.4.1 (the page lists 6.4.1 and 6.2.5)
An improper neutralization of input vulnerability in FortiGate versions 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross-site scripting (XSS) attack via the IPS and WAF logs dashboard.
Sources: cvelistv5, nvd

CVE-2020-12818 | MEDIUM | CVSS 5.3 | published 2020-09-24
Affected: FortiOS before 6.4.1
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow traffic from an unauthenticated attacker to Fortinet-owned IP addresses to go unnoticed.
Sources: cvelistv5, nvd

CVE-2019-5591 | MEDIUM | CVSS 6.5 | CWE-306 | CISA KEV, public PoC | published 2020-08-14
Affected: FortiOS 6.2.0 and below
A default configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
Sources: cvelistv5, nvd

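Both CVE-2021-41019 (certificate accepted despite a host mismatch) and CVE-2019-5591 (LDAP server impersonated on the local subnet) come down to the same check: the LDAPS client must bind the presented certificate to the server name it was configured with, not merely verify that some trusted CA signed it. The following is an added example, not FortiOS code and not taken from the page, showing that hostname binding and the weak TLS-context setting that disables it. The certificate dictionaries are constructed sample data in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the host names are assumptions for the example, and nothing here contacts a real LDAP server.

```python
import ssl

# Added example (not FortiOS code): hostname binding for an LDAPS server
# certificate. The cert dicts below are constructed sample data in the shape
# returned by ssl.SSLSocket.getpeercert(); the host names are made up.


def _dns_match(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one dNSName pattern against a hostname.

    A '*' is accepted only as the entire left-most label, never inside a
    label, and never so broad that it would match a registrable domain.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: dict, hostname: str) -> bool:
    """Return True only if the certificate names the configured server.

    subjectAltName dNSName entries are authoritative; the subject CN is used
    only when the certificate carries no SAN at all.
    """
    sans = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return any(_dns_match(san, hostname) for san in sans)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_match(value, hostname)
    return False


def ldaps_context(verify_hostname: bool = True) -> ssl.SSLContext:
    """Build the TLS context an LDAPS client should use.

    verify_hostname=False reproduces the weak shape: the chain is still
    checked, but any certificate from a trusted CA is accepted regardless of
    which host it was issued to, so whoever can steer the connection (same
    subnet, poisoned DNS) can present a valid-looking certificate for some
    other name and harvest the bind credentials.
    """
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    if not verify_hostname:
        ctx.check_hostname = False       # the setting never to ship
    return ctx


# Constructed certificates (not real certificates) for the examples.
CORP_LDAP_CERT = {
    "subject": ((("commonName", "ldap.corp.example"),),),
    "subjectAltName": (("DNS", "ldap.corp.example"), ("DNS", "*.dc.corp.example")),
}
ROGUE_CERT = {   # valid chain, wrong identity: what a rogue LDAP server would show
    "subject": ((("commonName", "www.attacker.example"),),),
    "subjectAltName": (("DNS", "www.attacker.example"),),
}
CN_ONLY_CERT = {"subject": ((("commonName", "legacy-ldap.corp.example"),),)}

if __name__ == "__main__":
    print(cert_matches_host(CORP_LDAP_CERT, "ldap.corp.example"))   # True
    print(cert_matches_host(ROGUE_CERT, "ldap.corp.example"))       # False
    print(ldaps_context().check_hostname)                           # True
```

With `ssl.create_default_context()` the hostname check is already on; the relevant audit question for any LDAPS client, appliance GUI option included, is whether anything turns it off or whether the chain check runs without an identity check at all.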
CVE-2020-12812 | CRITICAL | CVSS 9.8 | CISA KEV | published 2020-07-24
Affected: FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they change the case of their username.
Sources: cvelistv5

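The description of CVE-2020-12812 says only that changing the case of the username skips the second factor; the page does not show how FortiOS implements its lookup. The following is an added example, not FortiOS code, modelling the bug class that produces that symptom: the user is identified case-insensitively, but the second-factor requirement is looked up with the exact string the client sent, so a spelling that differs only in case authenticates the password and then finds no 2FA policy. The user store, password and OTP value are constructed sample data (a real system stores password hashes and validates a TOTP or token code).

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Added example (not FortiOS code): the bug class behind "2FA skipped when the
# username changes case". USERS, the password and VALID_OTP are constructed
# sample data; VALID_OTP stands in for a real TOTP/token validation.


@dataclass(frozen=True)
class User:
    name: str          # canonical spelling as enrolled
    password: str      # plaintext only for the demonstration
    second_factor: bool


USERS = (
    User("jdoe", "Winter2020!", second_factor=True),
    User("svc-backup", "Backup#2020", second_factor=False),
)
VALID_OTP = "492817"

# Second-factor policy kept in a separate table keyed by username string.
# Splitting identity from policy like this is what makes the bug possible.
SECOND_FACTOR_REQUIRED = {u.name: u.second_factor for u in USERS}


def _find_user(username: str) -> Optional[User]:
    """User lookup is case-insensitive, as many directory backends are."""
    wanted = username.casefold()
    return next((u for u in USERS if u.name.casefold() == wanted), None)


def _password_ok(user: User, password: str) -> bool:
    return hmac.compare_digest(user.password.encode(), password.encode())


def _otp_ok(otp: Optional[str]) -> bool:
    return otp is not None and hmac.compare_digest(otp.encode(), VALID_OTP.encode())


def login_vulnerable(username: str, password: str, otp: Optional[str]) -> str:
    user = _find_user(username)
    if user is None or not _password_ok(user, password):
        return "denied"
    # BUG: the policy is keyed on the raw client string. "JDoe" matches the
    # stored user above but finds no policy entry, so the OTP is never asked.
    if SECOND_FACTOR_REQUIRED.get(username, False) and not _otp_ok(otp):
        return "denied"
    return "granted"


def login_fixed(username: str, password: str, otp: Optional[str]) -> str:
    user = _find_user(username)
    if user is None or not _password_ok(user, password):
        return "denied"
    # FIX: once the account is identified, every later decision uses the
    # stored canonical identity, never the spelling the client sent.
    if SECOND_FACTOR_REQUIRED.get(user.name, False) and not _otp_ok(otp):
        return "denied"
    return "granted"


if __name__ == "__main__":
    print(login_vulnerable("jdoe", "Winter2020!", None))   # denied
    print(login_vulnerable("JDoe", "Winter2020!", None))   # granted (bypass)
    print(login_fixed("JDoe", "Winter2020!", None))        # denied
```

The general rule the fix applies: normalise or resolve the identity exactly once, then carry the resolved record through authorisation, policy and logging, so that no later step re-reads the attacker-controlled spelling.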
CVE-2018-13371 | HIGH | CVSS 8.8 | published 2020-04-02
Affected: 6.2.0 and below, 5.6.7 and below, +1 more
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device by connecting to the ZebOS component.
Sources: cvelistv5

CVE-2019-6696 | MEDIUM | CVSS 6.1 | CWE-20 | published 2020-03-15
Affected: 6.2.1, 6.2.0, +1 more
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under the admin web UI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change web page.
Sources: cvelistv5, nvd

CVE-2019-5593 | MEDIUM | CVSS 5.5 | published 2020-01-23
Affected: FortiOS 6.2.0 to 6.2.1, 6.0.6 and below
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaintext private keys of the system's built-in local certificates via unsetting the key encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificat
Sources: cvelistv5

CVE-2019-15703 | HIGH | CVSS 7.5 | CWE-331 | published 2019-10-24
Affected: 6.2.1, 6.2.0, +1 more
An insufficient entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, on devices with no hardware TRNG token enabled and on models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication via the help of a flush+reload side chan
Sources: cvelistv5, nvd

CVE-2019-5587 | MEDIUM | CVSS 6.5 | CWE-345 | published 2019-06-04
Affected: FortiOS all versions below 6.0.5
Lack of root file system integrity checking in Fortinet FortiOS VM application images, all versions below 6.0.5, may allow an attacker to implant malicious programs into the installation image by reassembling the image through specific methods.
Sources: cvelistv5, nvd

CVE-2018-13384 | MEDIUM | CVSS 6.1 | CWE-601 | published 2019-06-04
Affected: FortiOS all versions below 6.0.5
A Host header redirection vulnerability in Fortinet FortiOS, all versions below 6.0.5, under the SSL VPN web portal allows a remote attacker to potentially poison the HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
Sources: cvelistv5, nvd

CVE-2019-5586 | MEDIUM | CVSS 6.1 | CWE-79 | published 2019-06-04
Affected: FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 (the page lists 5.2.0 to 6.0.4)
A reflected cross-site scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under the SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error-processing HTTP requests.
Sources: cvelistv5, nvd

CVE-2019-5588 | MEDIUM | CVSS 6.1 | CWE-79 | published 2019-06-04
Affected: FortiOS 6.0.0 to 6.0.4
A reflected cross-site scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under the SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error-processing HTTP requests.
Sources: cvelistv5, nvd

CVE-2018-13365 | MEDIUM | CVSS 5.3 | CWE-200 | published 2019-05-29
Affected: 6.0.1, 5.6.5 and below
An information exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below allows attackers to learn the private IP address as well as the hostname of the FortiGate via the Application Control Block page.
Sources: cvelistv5, nvd

CVE-2018-13366 | MEDIUM | CVSS 5.3 | CWE-200 | published 2019-04-09
Affected: 6.0.1, 5.6.7 and below
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows an attacker to reveal the serial number of the FortiGate via the hostname field defined in the connection control setup packets of the PPTP protocol.
Sources: cvelistv5, nvd

CVE-2018-9185 | HIGH | CVSS 8.1 | CWE-200 | published 2018-07-05
Affected: FortiOS 6.0.0 and below
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below reveals a user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature.
Sources: cvelistv5, nvd

CVE-2017-7733 | MEDIUM | CVSS 6.1 | CWE-79 | published 2017-10-27
Affected: FortiOS 5.6.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0
A cross-site scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via the web UI "Login Disclaimer" redir parameter.
Sources: cvelistv5, nvd
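Three entries on this page are variations on one input-handling mistake: a client-supplied redirect target is trusted on the admin password-change page (CVE-2019-6696), the request's Host header is trusted when the SSL VPN portal builds redirect URLs that a cache can then serve to other users (CVE-2018-13384), and a "redir" parameter reaches the browser unchecked, where a javascript: URL runs as script (CVE-2017-7733). The following is an added example, not FortiOS code and not derived from the page's descriptions of how FortiOS handles these parameters, showing the server-side validation that closes all three: a same-site redirect validator that rejects foreign hosts and non-http(s) schemes, plus a Host header allowlist used when the portal constructs its own Location header. The host names are assumptions for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Added example (not FortiOS code): validating a client-supplied redirect
# target and the Host header before either is used to build a redirect.
# ALLOWED_HOSTS is a constructed allowlist for the example.

ALLOWED_HOSTS = frozenset({"vpn.corp.example", "vpn2.corp.example"})


def _local_path(path: str, query: str, default: str) -> str:
    """Rebuild a same-origin relative URL, dropping any scheme and host."""
    path = path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return default          # "//host/..." is a scheme-relative URL, not a path
    return urlunsplit(("", "", path, query, ""))


def safe_redirect_target(redir, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return a redirect target that stays on this site, or `default`.

    Rejects non-http(s) schemes (javascript:, data:), scheme-relative
    "//host" and "/\\host" forms, absolute URLs to hosts outside the
    allowlist, userinfo tricks ("https://good@evil/"), and relative paths
    that do not start at the site root.
    """
    if not redir:
        return default
    # Browsers ignore ASCII tab/newline and treat "\" like "/" in the authority,
    # so normalise the same way before parsing.
    candidate = redir.strip().replace("\t", "").replace("\n", "").replace("\r", "")
    candidate = candidate.replace("\\", "/")
    try:
        parts = urlsplit(candidate)       # lower-cases the scheme for us
    except ValueError:                    # e.g. malformed IPv6 literal
        return default
    if parts.scheme and parts.scheme not in ("http", "https"):
        return default
    if parts.netloc:
        if (parts.hostname or "") not in allowed_hosts:
            return default
        return _local_path(parts.path, parts.query, default)
    if parts.scheme:                      # "http:evil" or "https:///evil": no authority
        return default
    return _local_path(parts.path, parts.query, default)


def _host_name(host_header: str) -> str:
    """Lower-cased host from a Host header, without the port."""
    host = host_header.strip().lower()
    if host.startswith("["):              # IPv6 literal such as [::1]:443
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0]


def host_header_allowed(host_header, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept a request only when its Host header names a host we serve.

    Any absolute URL built from an unchecked Host (Location headers, links in
    the portal) would carry the attacker's host and, once cached, be served
    to other users of the portal.
    """
    return bool(host_header) and _host_name(host_header) in allowed_hosts


def build_location(host_header, redir, allowed_hosts=ALLOWED_HOSTS):
    """Location header for the portal's own redirect, or None when the request
    is not for a host this portal serves. Both halves are validated; neither
    is echoed straight from the request."""
    if not host_header_allowed(host_header, allowed_hosts):
        return None
    return "https://" + _host_name(host_header) + safe_redirect_target(redir, allowed_hosts)


if __name__ == "__main__":
    print(safe_redirect_target("//evil.example/phish"))                  # /
    print(safe_redirect_target("javascript:alert(document.cookie)"))     # /
    print(build_location("vpn.corp.example:443", "/remote/login?lang=en"))
    # https://vpn.corp.example/remote/login?lang=en
```

Returning a relative path rather than echoing the validated absolute URL is deliberate: it means the browser is always sent to the origin it is already talking to, and the allowlist of hosts is the single place where "which names are ours" is decided for both the Host check and the redirect check.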