CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool) A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the...

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs.

An improper neutralization of special elements used in an sql command [CWE-89] in FortiWLM may allow a remote unauthenticated attacker to execute unauthorized sql queries via a crafted http request.

A use of hard-coded credentials [CWE-798] in FortiManager and FortiAnalyzer may allow an attacker to access Fortinet dummy testing data via the use of static credentials. Those credentials have been revoked.

*PRODUCT OUT OF SUPPORT* A improper limitation of a pathname to a restricted directory (‘path traversal’) vulnerability [CWE-22] in FortiWAN may allow an authenticated attacker to read and delete arbitrary file of...

An improper authorization vulnerability [CWE-285] in FortiMail webmail may allow an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

*PRODUCT OUT OF SUPPORT* An improper authentication vulnerability [CWE-287] in FortWAN may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.

Multiple buffer copy without checking size of input (‘classic buffer overflow’) vulnerabilities [CWE-120] in FortiADC & FortiDDoS-F may allow a privileged attacker to execute arbitrary code or commands via...

A permissive cross-domain policy with untrusted domains (CWE-942) vulnerability in the API of FortiADC / FortiDDoS-F may allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via...

An incorrect authorization [CWE-863] vulnerability in FortiClient (Windows) may allow a local low privileged attacker to perform arbitrary file deletion in the device filesystem.

A use of hard-coded credentials vulnerability [CWE-798] in FortiClient for Windows may allow an attacker to bypass system protections via the use of static credentials.

An untrusted search path vulnerability [CWE-426] in FortiClient Windows OpenSSL component may allow an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login...

An improper access control vulnerabilty [CWE-284] in FortiEDRCollectorWindows may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the...

Fortinet is aware of a research article named TunnelCrack, published at Usenix [1], which describe the LocalNet and ServerIP attacks. These attacks aim to leak VPN client traffic outside of the protected VPN tunnel when clients...

A relative path traversal vulnerability [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read arbitrary files via crafted HTTP requests.

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS and FortiProxy VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesytem integrity...

A null pointer dereference [CWE-476] in FortiOS and FortiProxy SSL VPN may allow an authenticated attacker to perform a DoS attack on the device via specifically crafted HTTP requests.

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests. This...

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with...

An improper access control vulnerability [CWE-284] in FortiADC automation feature may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric...