The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FGT

vulnerability note CVE-2014-0160

OpenSSL: information disclosure via Heartbeat

Synthesis of the vulnerability

An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.
Impacted products: Tomcat, ArubaOS, i-Suite, ProxyAV, ProxySG, ARCserve Backup, ASA, Cisco Catalyst, IOS XE Cisco, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Cisco IP Phone, Cisco Unity, XenDesktop, MIMEsweeper, Clearswift Email Gateway, Clearswift Web Gateway, Debian, ECC, PowerPath, ArcGIS ArcView, ArcGIS for Desktop, ArcGIS for Server, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, HP Diagnostics, LoadRunner, Performance Center, AIX, WebSphere MQ, WS_FTP Server, IVE OS, Juniper J-Series, JUNOS, Junos Pulse, Juniper Network Connect, Juniper SA, Juniper UAC, LibreOffice, MBS, McAfee Email Gateway, ePO, GroupShield, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows 8, Windows RT, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, Opera, Solaris, pfSense, HDX, RealPresence Collaboration Server, Polycom VBP, Puppet, RHEL, RSA Authentication Manager, SIMATIC, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, ASE, Trend Micro OfficeScan, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware Player, vCenter, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Creation date: 08/04/2014.
Identifiers: 1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951.

Description of the vulnerability

The Heartbeat extension of TLS (RFC 6520) provides a keep-alive feature, without performing a renegotiation. It exchanges random data in a payload.

Version 1.0.1 of OpenSSL implements Heartbeat, which is enabled by default. The [d]tls1_process_heartbeat() function manages Heartbeat messages. However, it does not check the size of the random data: it continues to read past the end of the payload, and then sends the full memory area (up to 64kb) to the peer (client or server).

An attacker can therefore use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.

vulnerability announce CVE-2013-7182

Fortinet FortiGate: Cross Site Scripting of mkey

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in mkey of Fortinet FortiGate, in order to execute JavaScript code in the context of the web site.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Creation date: 04/02/2014.
Identifiers: BID-65308, CVE-2013-7182, FG-IR-14-003, VIGILANCE-VUL-14172, VU#728638.

Description of the vulnerability

The Fortinet FortiGate product offers a web service.

However, it does not filter the received "mkey" parameter before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in mkey of Fortinet FortiGate, in order to execute JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2013-6990

FortiAuthenticator: shell execution

Synthesis of the vulnerability

A privileged attacker can inject a command in FortiAuthenticator, in order to execute a shell command on the server.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Creation date: 17/12/2013.
Identifiers: BID-64610, CVE-2013-6990, FG-IR-13-016, VIGILANCE-VUL-13958.

Description of the vulnerability

The FortiAuthenticator product provides a command line to the administrator.

However, the administrator can escape a FortiAuthenticator command, so it is inserted in a shell command.

A privileged attacker can therefore inject a command in FortiAuthenticator, in order to execute a shell command on the server.

computer vulnerability note CVE-2013-1414

FortiGate: Cross Site Request Forgery of System-Settings and Firewall-Policies

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in System-Settings and Firewall-Policies of FortiGate, in order to force the victim to perform operations.
Impacted products: FortiGate, FortiOS.
Severity: 2/4.
Creation date: 02/07/2013.
Identifiers: BID-60861, CVE-2013-1414, FGA-2013-22, VIGILANCE-VUL-13029.

Description of the vulnerability

The web interface of FortiGate is used to modify the configuration (System-Settings) and the security policy (Firewall-Policies).

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in System-Settings and Firewall-Policies of FortiGate, in order to force the victim to perform operations.

vulnerability note CVE-2013-4604

FortiGate: privilege escalation

Synthesis of the vulnerability

An attacker can use the Guest account of FortiGate, in order to read and modify data related to other users.
Impacted products: FortiGate, FortiOS.
Severity: 2/4.
Creation date: 17/06/2013.
Identifiers: BID-60571, CVE-2013-4604, FGA-2013-22, VIGILANCE-VUL-12984.

Description of the vulnerability

An attacker can use the Guest account of FortiGate, in order to read and modify data related to other users.

Technical details are unknown.

computer vulnerability note CVE-2012-4948

FortiGate: man-in-the-middle attack

Synthesis of the vulnerability

When the administrator has not changed the default certification authority for SSL/TLS inspection of FortiGate, an attacker can create a fake server/proxy and intercept users' data.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Creation date: 05/11/2012.
Identifiers: BID-56382, CVE-2012-4948, VIGILANCE-VUL-12109, VU#111708.

Description of the vulnerability

The FortiGate product can inspect SSL/TLS streams. In order to do so, it has a certification authority, and signs new server certificates. The client, who accepted this certification authority, sees no warning in his web browser.

However, the certification authority (public and private keys) is the same on all FortiGate appliances. An attacker who has access to one FortiGate can therefore obtain the private key. He can then create malicious server certificates, and sign them, so that users do not see a warning when connecting to the server.

When the administrator has not changed the default certification authority for SSL/TLS inspection of FortiGate, an attacker can therefore create a fake server/proxy and intercept users' data.

vulnerability 11940

FortiGate: several Cross Site Scripting

Synthesis of the vulnerability

An attacker can use several vulnerabilities of FortiGate appliances, in order to execute script code in privileged contexts.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Creation date: 13/09/2012.
Identifiers: BID-55591, VIGILANCE-VUL-11940.

Description of the vulnerability

FortiGate appliances have a web interface.

However, the "mkey", "context", "title" and "msg" parameters are not filtered before being injected in generated HTML pages.

An attacker can therefore use several Cross Site Scripting of FortiGate appliances, in order to execute script code in privileged contexts.

computer vulnerability note 11939

FortiGate: several Cross Site Scripting

Synthesis of the vulnerability

An attacker can use several vulnerabilities of FortiGate appliances, in order to execute script code in privileged contexts.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Creation date: 13/09/2012.
Identifiers: BID-55529, VIGILANCE-VUL-11939.

Description of the vulnerability

FortiGate appliances have a web interface.

However, these interfaces do not correctly filter their Add or Tag parameters. An attacker can then store script code, which is executed on each visit, and thus generate a Cross Site Scripting on the visitor's computer.

An attacker can therefore use several vulnerabilities of FortiGate appliances, in order to execute script code in privileged contexts.

vulnerability note CVE-2012-1420 CVE-2012-1423 CVE-2012-1425

Fortinet FortiGate: bypassing via CAB, CHM, ELF, EXE, Office, RAR, TAR, ZIP

Synthesis of the vulnerability

An attacker can create an archive or a program containing a virus, which is not detected by Fortinet FortiGate.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Creation date: 21/03/2012.
Identifiers: BID-52580, BID-52588, BID-52595, BID-52598, BID-52600, BID-52601, BID-52602, BID-52604, BID-52605, BID-52606, BID-52608, BID-52612, BID-52613, BID-52615, BID-52621, BID-52623, BID-52626, CVE-2012-1420, CVE-2012-1423, CVE-2012-1425, CVE-2012-1439, CVE-2012-1440, CVE-2012-1442, CVE-2012-1443, CVE-2012-1444, CVE-2012-1445, CVE-2012-1446, CVE-2012-1447, CVE-2012-1453, CVE-2012-1454, CVE-2012-1456, CVE-2012-1459, CVE-2012-1461, CVE-2012-1462, VIGILANCE-VUL-11474.

Description of the vulnerability

Tools extracting archives (CAB, TAR, ZIP, etc.) will extract archives that are slightly malformed. Systems will also execute programs (ELF, EXE) that are slightly malformed. However, Fortinet FortiGate does not detect viruses contained in these archives/programs.

A TAR archive containing "\7fELF" as its first 4 bytes bypasses the detection. [severity:1/4; BID-52615, CVE-2012-1420]

A TAR archive containing "MZ" as its first 2 bytes bypasses the detection. [severity:1/4; BID-52588, CVE-2012-1423]

A TAR archive containing "\50\4B\03\04" as its first 4 bytes bypasses the detection. [severity:1/4; BID-52580, CVE-2012-1425]

An ELF program containing a large "padding" field bypasses the detection. [severity:2/4; BID-52602, CVE-2012-1439]

An ELF program containing a large "identsize" field bypasses the detection. [severity:2/4; BID-52595, CVE-2012-1440]

An EXE program containing a large "class" field bypasses the detection. [severity:2/4; BID-52598, CVE-2012-1442]

A RAR archive containing "MZ" as its first 2 bytes bypasses the detection. [severity:1/4; BID-52612, CVE-2012-1443]

An ELF program containing a large "abiversion" field bypasses the detection. [severity:2/4; BID-52604, CVE-2012-1444]

An ELF program containing a large "abi" field bypasses the detection. [severity:2/4; BID-52605, CVE-2012-1445]

An ELF program containing a large "encoding" field bypasses the detection. [severity:2/4; BID-52600, CVE-2012-1446]

An ELF program containing a large "e_version" field bypasses the detection. [severity:2/4; BID-52601, CVE-2012-1447]

A CAB archive containing a large "coffFiles" field bypasses the detection. [severity:1/4; BID-52621, CVE-2012-1453]

An ELF program containing a large "ei_version" field bypasses the detection. [severity:2/4; BID-52606, CVE-2012-1454]

A ZIP archive starting with TAR data bypasses the detection. [severity:1/4; BID-52608, CVE-2012-1456]

A TAR archive with a header containing a large value bypasses the detection. [severity:1/4; BID-52623, CVE-2012-1459]

A TAR+GZ archive containing two streams bypasses the detection. [severity:1/4; BID-52626, CVE-2012-1461]

A ZIP archive starting with 1024 random bytes bypasses the detection. [severity:1/4; BID-52613, CVE-2012-1462]

An attacker can therefore create an archive containing a virus which is not detected by the antivirus, but which is extracted by extraction tools. The virus is then detected once it has been extracted on the victim's computer. An attacker can also create a program containing a virus which is not detected by the antivirus, but which can be run by the system.

computer vulnerability CVE-2012-0941

FortiGate: several vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of FortiGate appliances, in order to execute script code in privileged contexts.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Creation date: 30/01/2012.
Identifiers: BID-51708, CVE-2012-0941, FGA-2012-02, VIGILANCE-VUL-11325.

Description of the vulnerability

FortiGate appliances have a web interface.

However, these interfaces do not correctly filter their parameters. An attacker can then store script code, which is executed on each visit. He can also generate a Cross Site Scripting on the visitor's computer. The fields_sorted_opt parameter of user/auth/list fields_sorted_opt and endpointcompliance/app_detect/predefined_sig_list can be used as an attack vector.

The following features are impacted:
  Dialup List
  Endpoint > Monitor > Endpoint Monitor
  Endpoint > NAC > Application Database > Listings
  List field sorted
  Log&Report > Display

An attacker can therefore use several vulnerabilities of FortiGate appliances, in order to execute script code in privileged contexts.