The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FortiGate Virtual Appliance

computer vulnerability alert 29886

FortiOS: information disclosure via TCP Timestamp

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via TCP Timestamp of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 25/07/2019.
Identifiers: CERTFR-2019-AVI-358, FG-IR-16-090, VIGILANCE-VUL-29886.

Description of the vulnerability

An attacker can bypass access restrictions to data via TCP Timestamp of FortiOS, in order to obtain sensitive information.

computer vulnerability bulletin CVE-2019-5587 CVE-2019-6695

FortiOS/FortiManager VM: privilege escalation via Image File System Integrity

Synthesis of the vulnerability

An attacker can bypass restrictions via Image File System Integrity of FortiOS/FortiManager VM, in order to escalate his privileges.
Impacted products: FortiGate Virtual Appliance, FortiManager Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/06/2019.
Identifiers: CERTFR-2019-AVI-358, CVE-2019-5587, CVE-2019-6695, FG-IR-19-017, VIGILANCE-VUL-29468.

Description of the vulnerability

An attacker can bypass restrictions via Image File System Integrity of FortiOS/FortiManager VM, in order to escalate his privileges.

vulnerability note CVE-2018-13379

FortiOS: directory traversal via SSL VPN

Synthesis of the vulnerability

An attacker can traverse directories via SSL VPN of FortiOS, in order to read a file outside the service root path.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 27/05/2019.
Identifiers: CERTFR-2019-AVI-239, CVE-2018-13379, FG-IR-18-384, VIGILANCE-VUL-29414.

Description of the vulnerability

An attacker can traverse directories via SSL VPN of FortiOS, in order to read a file outside the service root path.

vulnerability announce CVE-2019-5586 CVE-2019-5588

FortiOS: Cross Site Scripting via the VPN portal

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via the VPN portal of FortiOS, in order to run JavaScript code in the context of the web site.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/05/2019.
Identifiers: CERTFR-2019-AVI-239, CVE-2019-5586, CVE-2019-5588, FG-IR-19-034, VIGILANCE-VUL-29412.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via the VPN portal of FortiOS, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2018-13384

Fortinet FortiOS: open redirect via the VPN portal

Synthesis of the vulnerability

An attacker can deceive the user via VPN of Fortinet FortiOS, in order to redirect him to a malicious site.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 22/05/2019.
Identifiers: CVE-2018-13384, FG-IR-19-002, VIGILANCE-VUL-29386.

Description of the vulnerability

An attacker can deceive the user via the VPN portal of Fortinet FortiOS, in order to redirect him to a malicious site.

computer vulnerability CVE-2018-13371

FortiOS: privilege escalation via ZebOS Routing Settings Change

Synthesis of the vulnerability

An attacker can bypass restrictions via ZebOS Routing Settings Change of FortiOS, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: privileged access/rights, data creation/edition.
Provenance: user account.
Creation date: 04/04/2019.
Identifiers: CERTFR-2019-AVI-147, CVE-2018-13371, FG-IR-18-230, VIGILANCE-VUL-28945.

Description of the vulnerability

An attacker can bypass restrictions via ZebOS Routing Settings Change of FortiOS, in order to escalate his privileges.

vulnerability announce CVE-2017-17544

FortiOS: privilege escalation via Restoring Modified Configurations

Synthesis of the vulnerability

An attacker can bypass restrictions via Restoring Modified Configurations of FortiOS, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 03/04/2019.
Identifiers: CERTFR-2019-AVI-143, CVE-2017-17544, FG-IR-17-053, VIGILANCE-VUL-28932.

Description of the vulnerability

An attacker can bypass restrictions via Restoring Modified Configurations of FortiOS, in order to escalate his privileges.

computer vulnerability alert 28906

FortiOS: information disclosure via HTTP Headers Parsing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via HTTP Headers Parsing of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 01/04/2019.
Identifiers: CERTFR-2019-AVI-137, FG-IR-19-043, VIGILANCE-VUL-28906.

Description of the vulnerability

An attacker can bypass access restrictions to data via HTTP Headers Parsing of FortiOS, in order to obtain sensitive information.

vulnerability alert CVE-2018-13376

FortiOS: information disclosure via Web Proxy Disclaimer Response

Synthesis of the vulnerability

A local attacker can read a memory fragment via Web Proxy Disclaimer Response of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 23/11/2018.
Identifiers: CERTFR-2018-AVI-570, CVE-2018-13376, FG-IR-18-325, VIGILANCE-VUL-27871.

Description of the vulnerability

A local attacker can read a memory fragment via Web Proxy Disclaimer Response of FortiOS, in order to obtain sensitive information.

computer vulnerability announce CVE-2018-13366

FortiGate: information disclosure via PPTP Server Hostname

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PPTP Server Hostname of FortiGate, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 19/11/2018.
Identifiers: CERTFR-2018-AVI-560, CVE-2018-13366, FG-IR-18-101, VIGILANCE-VUL-27827.

Description of the vulnerability

An attacker can bypass access restrictions to data via PPTP Server Hostname of FortiGate, in order to obtain sensitive information.