The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FortiGate Virtual Appliance

weakness bulletin CVE-2019-15703

FortiOS: information disclosure via DRBG Insufficient Entropy

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via DRBG Insufficient Entropy of FortiOS, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 21/10/2019.
Identifiers: CERTFR-2019-AVI-523, CVE-2019-15703, FG-IR-19-186, VIGILANCE-VUL-30682.

security bulletin CVE-2018-13380

FortiOS: Cross Site Scripting via SSL VPN Portal

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via SSL VPN Portal of FortiOS, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 22/08/2019.
Identifiers: CERTFR-2019-AVI-239, CVE-2018-13380, FG-IR-18-383, VIGILANCE-VUL-30135.

computer vulnerability alert CVE-2018-13367

FortiOS: information disclosure via WEB UI JavaScript Parsing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via WEB UI JavaScript Parsing of FortiOS, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 09/08/2019.
Identifiers: CERTFR-2019-AVI-378, CVE-2018-13367, FG-IR-18-173, VIGILANCE-VUL-30002.

computer weakness CVE-2019-5591

FortiGate: privilege escalation via Unverified LDAP Server Identity

Synthesis of the vulnerability

An attacker can bypass restrictions via Unverified LDAP Server Identity of FortiGate, in order to escalate his privileges.
Severity: 2/4.
Creation date: 26/07/2019.
Identifiers: CERTFR-2019-AVI-359, CVE-2019-5591, FG-IR-19-037, VIGILANCE-VUL-29893.

security note 29886

FortiOS: information disclosure via TCP Timestamp

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via TCP Timestamp of FortiOS, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 25/07/2019.
Identifiers: CERTFR-2019-AVI-358, FG-IR-16-090, VIGILANCE-VUL-29886.

weakness note 29885

FortiOS: privilege escalation via HTTP/HTTPS Traffic Injection

Synthesis of the vulnerability

An attacker can bypass restrictions via HTTP/HTTPS Traffic Injection of FortiOS, in order to escalate his privileges.
Severity: 2/4.
Creation date: 25/07/2019.
Identifiers: CERTFR-2019-AVI-358, FG-IR-19-111, VIGILANCE-VUL-29885.

threat CVE-2019-5587 CVE-2019-6695

FortiOS/FortiManager VM: privilege escalation via Image File System Integrity

Synthesis of the vulnerability

An attacker can bypass restrictions via Image File System Integrity of FortiOS/FortiManager VM, in order to escalate his privileges.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/06/2019.
Identifiers: CERTFR-2019-AVI-358, CVE-2019-5587, CVE-2019-6695, FG-IR-19-017, VIGILANCE-VUL-29468.

vulnerability announce CVE-2018-13379

FortiOS: directory traversal via SSL VPN

Synthesis of the vulnerability

An attacker can traverse directories via SSL VPN of FortiOS, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 27/05/2019.
Identifiers: CERTFR-2019-AVI-239, CVE-2018-13379, FG-IR-18-384, VIGILANCE-VUL-29414.

vulnerability note CVE-2019-5586 CVE-2019-5588

FortiOS: Cross Site Scripting via the VPN portal

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via the VPN portal of FortiOS, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/05/2019.
Identifiers: CERTFR-2019-AVI-239, CVE-2019-5586, CVE-2019-5588, FG-IR-19-034, VIGILANCE-VUL-29412.

computer vulnerability alert CVE-2018-13384

Fortinet FortiOS: open redirect via the VPN portal

Synthesis of the vulnerability

An attacker can deceive the user via VPN of Fortinet FortiOS, in order to redirect him to a malicious site.
Severity: 1/4.
Creation date: 22/05/2019.
Identifiers: CVE-2018-13384, FG-IR-19-002, VIGILANCE-VUL-29386.

Description of the vulnerability

An attacker can deceive the user via the VPN portal of Fortinet FortiOS, in order to redirect him to a malicious site.