📦 FortiProxy
by Fortinet
⚠️ Known Vulnerabilities
This authentication bypass vulnerability allows attackers with a FortiCloud account and registered device to log into other organizations' Fortinet devices when FortiCloud SSO authentication is enable...
This vulnerability allows attackers who know an existing admin account name to bypass authentication and gain full administrative access to affected Fortinet devices. It affects FortiProxy, FortiSwitc...
This critical vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands on affected Fortinet devices via crafted requests to the administrative interface. It affects ...
This vulnerability allows remote attackers to bypass authentication and gain super-admin privileges on affected Fortinet devices by sending crafted requests to the Node.js websocket module. It affects...
This vulnerability allows attackers to bypass weak authentication mechanisms in multiple Fortinet products via brute-force attacks, potentially leading to unauthorized command execution. Affected syst...
This critical vulnerability allows remote attackers to execute arbitrary code or commands on affected Fortinet devices via specially crafted HTTP requests. It affects FortiOS and FortiProxy across mul...
This critical vulnerability allows remote attackers to execute arbitrary code or commands on affected Fortinet devices by sending specially crafted packets that exploit a format string vulnerability. ...
This critical vulnerability allows remote attackers to execute arbitrary code or commands on affected Fortinet devices via specially crafted requests. An out-of-bounds write in FortiOS and FortiProxy ...
A critical stack-based buffer overflow vulnerability in Fortinet FortiOS and FortiProxy allows remote unauthenticated attackers to execute arbitrary code via specially crafted packets. This affects sy...
A heap-based buffer overflow vulnerability in Fortinet's SSL-VPN implementation allows remote attackers to execute arbitrary code via crafted requests. This affects FortiOS versions 7.2.4 and below, 7...
CVE-2022-41331 allows remote unauthenticated attackers to access Redis and MongoDB databases in FortiPresence infrastructure servers. This affects organizations running FortiPresence servers before ve...
A heap-based buffer overflow vulnerability in Fortinet's FortiOS, FortiPAM, and FortiProxy allows authenticated users to execute arbitrary code via crafted RDP bookmark connection requests. This affec...
This vulnerability allows man-in-the-middle attackers to intercept and tamper with connections to Fortinet's ZTNA proxy by exploiting improper certificate validation. It affects FortiProxy and FortiOS...
This CVE describes an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiPAM products that allows unauthenticated attackers to take control of managed devices. Attackers can...
This CVE describes memory corruption vulnerabilities in Fortinet VPN products that could allow authenticated VPN users to execute arbitrary code or commands. The vulnerabilities stem from uninitialize...
This vulnerability allows remote unauthenticated attackers to perform cross-site scripting (XSS) attacks through the SSL VPN web interface in affected Fortinet products. Attackers can inject malicious...
A format string vulnerability in multiple Fortinet products allows privileged attackers to execute arbitrary code via crafted HTTP/HTTPS requests. This affects FortiOS, FortiProxy, FortiPAM, FortiSRA,...
This authentication bypass vulnerability in FortiOS and FortiProxy allows remote unauthenticated attackers to gain super-admin privileges on downstream devices when Security Fabric is enabled. Attacke...
This vulnerability involves insufficiently protected credentials in Fortinet FortiProxy and FortiOS, allowing attackers to execute unauthorized code or commands via social engineering attacks. Affecte...
This CVE describes an authorization bypass vulnerability in FortiOS and FortiProxy SSL-VPN that allows authenticated attackers to access other users' bookmarks through URL manipulation. Attackers can ...
A null pointer dereference vulnerability in Fortinet FortiOS and FortiProxy allows attackers to cause denial of service via specially crafted HTTP requests. This affects multiple versions of both prod...
This vulnerability allows authenticated attackers in Fortinet FortiOS and FortiProxy HA clusters to perform elevated actions through crafted HTTP/HTTPS requests. It affects organizations running vulne...
This cross-site scripting (XSS) vulnerability in Fortinet's FortiProxy and FortiOS web management interfaces allows authenticated attackers to inject and execute malicious JavaScript code via crafted ...
This vulnerability allows authenticated attackers with readonly superadmin privileges in Fortinet FortiOS and FortiProxy to intercept cleartext traffic and obtain other administrators' session cookies...
This CVE describes an out-of-bounds write vulnerability in multiple Fortinet products that allows authenticated attackers to execute arbitrary code or commands via crafted requests. Affected systems i...
This vulnerability allows unauthenticated attackers to execute cross-site scripting (XSS) attacks against Fortinet FortiOS and FortiProxy devices via crafted HTTP GET requests. Attackers can inject ma...
CVE-2022-41335 is a relative path traversal vulnerability in Fortinet products that allows authenticated attackers to read and write arbitrary files on the underlying Linux system via crafted HTT...
This vulnerability allows unauthenticated attackers to perform path traversal attacks on FortiOS and FortiProxy login pages, potentially exposing sensitive server information. Attackers can inject pat...
This vulnerability allows authenticated low-privileged attackers to escalate their privileges to super_admin on affected Fortinet devices. Attackers can exploit improper access control in the autod da...
This vulnerability allows authenticated remote attackers to bypass access controls in FortiProxy SSL VPN portal, potentially accessing internal services like the ZebOS Shell. Affected systems include ...
This vulnerability allows read-only administrators to retrieve API tokens of other administrators by examining REST API logs when REST API logging is enabled. This affects Fortinet's FortiOS, FortiPro...
An authenticated attacker can access static files from other VDOMs (Virtual Domains) in affected Fortinet products by sending specially crafted HTTP/HTTPS requests. This improper authorization vulnera...
This vulnerability allows unauthenticated attackers to perform reflected cross-site scripting (XSS) attacks against Fortinet FortiOS, FortiProxy, and FortiSASE products via crafted HTTP requests. Atta...
This vulnerability allows an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests, causing denial of service. Affected systems include FortiOS, Forti...
This CVE describes a stack-based buffer overflow vulnerability in Fortinet FortiOS that allows attackers to execute arbitrary code or commands via specially crafted CLI commands. The vulnerability aff...
This CVE describes an authentication bypass vulnerability in FortiOS and FortiProxy that allows authenticated attackers to elevate privileges via malicious Webhook actions in the Automation Stitch com...
An integer overflow vulnerability in Fortinet SSL-VPN RDP/VNC bookmarks allows authenticated users to craft requests that may crash the SSL-VPN service, causing denial of service. This affects FortiOS...
A double free vulnerability in multiple Fortinet products allows privileged attackers to execute arbitrary code or commands via crafted HTTP/HTTPS requests. This affects FortiOS, FortiPAM, and FortiPr...
This vulnerability allows remote unauthenticated attackers to bypass DNS filtering protections on Fortinet devices when Apple devices are used. It affects FortiOS and FortiProxy across multiple versio...
This CVE describes an improper privilege management vulnerability in multiple Fortinet products where authenticated users with read-only admin permissions can escalate to super-admin privileges via cr...
This vulnerability allows authenticated remote attackers to inject malicious scripts into the SSL VPN portal of affected Fortinet devices. When other users access the compromised portal pages, the scr...
This vulnerability allows attackers to poison web caches by sending crafted HTTP requests with malicious Host headers to Fortinet devices. Attackers can redirect users to arbitrary malicious servers, ...
This CVE describes an injection vulnerability in Fortinet's SSL-VPN web user interface that could allow remote unauthenticated attackers to perform phishing attempts. The vulnerability affects FortiOS...
This vulnerability allows unauthenticated attackers to execute arbitrary code or commands on affected Fortinet devices by sending specially crafted packets. It affects multiple Fortinet products inclu...
This CVE describes a format string vulnerability in multiple Fortinet products that allows attackers to execute arbitrary code or commands. The vulnerability affects FortiProxy, FortiPAM, FortiOS, and...
This CVE describes an improper privilege management vulnerability in multiple Fortinet products that allows authenticated administrators to bypass trusted host policies via crafted CLI commands. The v...