PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
  1. An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiManager, FortiOS, FortiProxy, FortiRecorder, FortiVoice and FortiWeb may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files and a remote unauthenticated attacker with the same network access to delete an arbitrary folder. Revised on 2025-01-16 00:00:00
  2. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Please note that reports show this is being exploited in the wild. Revised on 2025-01-15 00:00:00
  3. An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiManager & FortiAnalyzer may allow a remote attacker with low privileges to read sensitive information via crafted HTTP requests. Revised on 2025-01-15 00:00:00
  4. A stack-based buffer overflow [CWE-121] vulnerability in the FortiOS administrative interface may allow a privileged attacker to execute arbitrary code or commands via crafted HTTP or HTTPS requests. Revised on 2025-01-15 00:00:00
  5. The Fortinet Product Security team has evaluated the impact of the vulnerability HTTP/2 Rapid Reset Attack, listed below: CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly. https://nvd.nist.gov/vuln/detail/CVE-2023-44487 Revised on 2025-01-15 00:00:00
  6. An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS and FortiSASE FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. Revised on 2025-01-15 00:00:00
  7. An Out-of-bounds Read vulnerability [CWE-125] in FortiOS and FortiSASE FortiOS tenant IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests. Revised on 2025-01-15 00:00:00
  8. An out-of-bounds write vulnerability [CWE-787] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests. Workaround: disable SSL VPN (disabling webmode is NOT a valid workaround). Note: This is potentially being exploited in the wild. Revised on 2025-01-15 00:00:00
  9. A relative path traversal [CWE-23] vulnerability in FortiManager and FortiAnalyzer may allow a remote attacker with low privileges to execute unauthorized code via crafted HTTP requests. Revised on 2025-01-15 00:00:00
  10. An operation on a resource after expiration or release vulnerability [CWE-672] in FortiManager may allow a FortiGate admin account that is deleted through FortiManager to still be able to log in to the FortiGate via valid credentials. Revised on 2025-01-14 00:00:00
  11. A relative path traversal vulnerability [CWE-23] in the FortiManager administrative interface may allow a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPS requests. Revised on 2025-01-14 00:00:00
  12. A relative path traversal vulnerability [CWE-23] in the FortiManager administrative interface may allow a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPS requests. Revised on 2025-01-14 00:00:00
  13. A relative path traversal vulnerability [CWE-23] in FortiManager & FortiAnalyzer may allow a privileged attacker with super-admin profile and CLI access to write files on the underlying system via crafted HTTP or HTTPS requests. Revised on 2025-01-14 00:00:00
  14. An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. Revised on 2025-01-14 00:00:00
  15. An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability [CWE-88] in FortiVoice Enterprise may allow an authenticated attacker to perform a blind SQL injection attack via sending crafted HTTP or HTTPS requests. Revised on 2025-01-14 00:00:00
  16. The Fortinet Product Security team has evaluated the impact of the vulnerability affecting the Google Chrome library listed below: CVE-2023-4863: severity HIGH. Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2023-4863 FortiClient and FortiClientEMS applications have an embedded Chrome browser (for SAML authentication and the administrative console application). FortiSOAR uses Chrome to render reports on the backend. libwebp is the library which renders ".webp" images in the Chrome browser. When a malicious image is displayed in Chrome (with data overflow), program execution might be modified by the attacker. The attacker would need to escape the Google Chrome sandboxing environment to perform additional damage. Revised on 2025-01-14 00:00:00
  17. An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the FortiManager csfd daemon may allow an authenticated attacker to execute unauthorized commands via specifically crafted packets. Revised on 2025-01-14 00:00:00
  18. An allocation of resources without limits or throttling [CWE-770] in FortiSIEM TLS-SYSLOG may allow an attacker to deny valid TLS traffic via consuming all allotted connections. Revised on 2025-01-14 00:00:00
  19. An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS may allow an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests. Revised on 2025-01-14 00:00:00
  20. An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests. Revised on 2025-01-14 00:00:00