The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FortiGate Virtual Appliance

vulnerability alert CVE-2018-13376

FortiOS: information disclosure via Web Proxy Disclaimer Response

Synthesis of the vulnerability

Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 23/11/2018.
Identifiers: CERTFR-2018-AVI-570, CVE-2018-13376, FG-IR-18-325, VIGILANCE-VUL-27871.

Description of the vulnerability

A local attacker can read a memory fragment via Web Proxy Disclaimer Response of FortiOS, in order to obtain sensitive information.

computer vulnerability announce CVE-2018-13366

FortiGate: information disclosure via PPTP Server Hostname

Synthesis of the vulnerability

Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 19/11/2018.
Identifiers: CERTFR-2018-AVI-560, CVE-2018-13366, FG-IR-18-101, VIGILANCE-VUL-27827.

Description of the vulnerability

An attacker can bypass access restrictions to data via PPTP Server Hostname of FortiGate, in order to obtain sensitive information.

computer vulnerability alert CVE-2018-13374

FortiGate: privilege escalation via LDAP Server Connectivity

Synthesis of the vulnerability

An attacker can bypass restrictions via LDAP Server Connectivity of FortiGate, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: privileged access/rights, data reading.
Provenance: privileged account.
Confidence: confirmed by the editor (5/5).
Creation date: 19/11/2018.
Identifiers: CERTFR-2018-AVI-560, CVE-2018-13374, FG-IR-18-157, VIGILANCE-VUL-27826.

Description of the vulnerability

An attacker can bypass restrictions via LDAP Server Connectivity of FortiGate, in order to escalate his privileges.

vulnerability bulletin 27203

WPA/WPA2: information disclosure via PSK PMKID

Synthesis of the vulnerability

Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS, 802.11 protocol.
Severity: 2/4.
Consequences: data reading.
Provenance: radio connection.
Confidence: confirmed by the editor (5/5).
Creation date: 11/09/2018.
Identifiers: FG-IR-18-199, VIGILANCE-VUL-27203.

Description of the vulnerability

An attacker can bypass access restrictions to data via PSK PMKID of WPA/WPA2, in order to obtain sensitive information.

vulnerability announce CVE-2018-9192 CVE-2018-9194

FortiOS: information disclosure via ROBOT Attack

Synthesis of the vulnerability

Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 06/09/2018.
Identifiers: CVE-2018-9192, CVE-2018-9194, FG-IR-17-302, VIGILANCE-VUL-27172.

Description of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of FortiOS, in order to obtain sensitive information.

computer vulnerability note CVE-2018-13365

FortiOS: information disclosure via Replacement Messages

Synthesis of the vulnerability

Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 27/08/2018.
Identifiers: CERTFR-2018-AVI-407, CVE-2018-13365, FG-IR-18-085, VIGILANCE-VUL-27079.

Description of the vulnerability

An attacker can bypass access restrictions to data via Replacement Messages of FortiOS, in order to obtain sensitive information.

vulnerability announce CVE-2018-5389

IPsec IKEv1 Main Mode: information disclosure via Brute Force

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS, FortiGate, FortiGate Virtual Appliance, FortiOS, Synology DSM, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 16/08/2018.
Identifiers: CVE-2018-5389, FG-IR-18-214, K42378447, Synology-SA-18:46, VIGILANCE-VUL-27022, VU#857035.

Description of the vulnerability

An attacker can bypass access restrictions to data via Brute Force of IKEv1 Main Mode, in order to obtain sensitive information.

computer vulnerability bulletin CVE-2018-9185

FortiOS: privilege escalation via SSL-VPN SSO Bookmarked Pages

Synthesis of the vulnerability

Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: intranet server.
Confidence: confirmed by the editor (5/5).
Creation date: 25/06/2018.
Identifiers: CERTFR-2018-AVI-303, CVE-2018-9185, FG-IR-18-027, VIGILANCE-VUL-26528.

Description of the vulnerability

An attacker can bypass restrictions via SSL-VPN SSO Bookmarked Pages of FortiOS, in order to escalate his privileges.

computer vulnerability CVE-2017-14187

FortiOS: privilege escalation via USB Storage Device

Synthesis of the vulnerability

Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Confidence: confirmed by the editor (5/5).
Creation date: 22/05/2018.
Identifiers: CERTFR-2018-AVI-246, CVE-2017-14187, FG-IR-17-245, VIGILANCE-VUL-26195.

Description of the vulnerability

An attacker can bypass restrictions via USB Storage Device of FortiOS, in order to escalate his privileges.

vulnerability note CVE-2017-14185

FortiOS: information disclosure via Crafted URLs

Synthesis of the vulnerability

Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 22/05/2018.
Identifiers: CERTFR-2018-AVI-246, CVE-2017-14185, FG-IR-17-231, VIGILANCE-VUL-26194.

Description of the vulnerability

An attacker can bypass access restrictions to data via Crafted URLs of FortiOS, in order to obtain sensitive information.