The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FortiGate Virtual Appliance

computer vulnerability alert CVE-2018-13384

Fortinet FortiOS: open redirect via the VPN portal

Synthesis of the vulnerability

An attacker can deceive the user via the VPN portal of Fortinet FortiOS, in order to redirect him to a malicious site.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 22/05/2019.
Identifiers: CVE-2018-13384, FG-IR-19-002, VIGILANCE-VUL-29386.

Description of the vulnerability

An attacker can deceive the user via the VPN portal of Fortinet FortiOS, in order to redirect him to a malicious site.

computer vulnerability CVE-2018-13371

FortiOS: privilege escalation via ZebOS Routing Settings Change

Synthesis of the vulnerability

An attacker can bypass restrictions via ZebOS Routing Settings Change of FortiOS, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: privileged access/rights, data creation/edition.
Provenance: user account.
Creation date: 04/04/2019.
Identifiers: CERTFR-2019-AVI-147, CVE-2018-13371, FG-IR-18-230, VIGILANCE-VUL-28945.

Description of the vulnerability

An attacker can bypass restrictions via ZebOS Routing Settings Change of FortiOS, in order to escalate his privileges.

vulnerability announce CVE-2017-17544

FortiOS: privilege escalation via Restoring Modified Configurations

Synthesis of the vulnerability

An attacker can bypass restrictions via Restoring Modified Configurations of FortiOS, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 03/04/2019.
Identifiers: CERTFR-2019-AVI-143, CVE-2017-17544, FG-IR-17-053, VIGILANCE-VUL-28932.

Description of the vulnerability

An attacker can bypass restrictions via Restoring Modified Configurations of FortiOS, in order to escalate his privileges.

computer vulnerability alert 28906

FortiOS: information disclosure via HTTP Headers Parsing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via HTTP Headers Parsing of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 01/04/2019.
Identifiers: CERTFR-2019-AVI-137, FG-IR-19-043, VIGILANCE-VUL-28906.

Description of the vulnerability

An attacker can bypass access restrictions to data via HTTP Headers Parsing of FortiOS, in order to obtain sensitive information.

vulnerability alert CVE-2018-13376

FortiOS: information disclosure via Web Proxy Disclaimer Response

Synthesis of the vulnerability

A local attacker can read a memory fragment via Web Proxy Disclaimer Response of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 23/11/2018.
Identifiers: CERTFR-2018-AVI-570, CVE-2018-13376, FG-IR-18-325, VIGILANCE-VUL-27871.

Description of the vulnerability

A local attacker can read a memory fragment via Web Proxy Disclaimer Response of FortiOS, in order to obtain sensitive information.

computer vulnerability announce CVE-2018-13366

FortiGate: information disclosure via PPTP Server Hostname

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PPTP Server Hostname of FortiGate, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 19/11/2018.
Identifiers: CERTFR-2018-AVI-560, CVE-2018-13366, FG-IR-18-101, VIGILANCE-VUL-27827.

Description of the vulnerability

An attacker can bypass access restrictions to data via PPTP Server Hostname of FortiGate, in order to obtain sensitive information.

computer vulnerability alert CVE-2018-13374

FortiGate: privilege escalation via LDAP Server Connectivity

Synthesis of the vulnerability

An attacker can bypass restrictions via LDAP Server Connectivity of FortiGate, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: privileged access/rights, data reading.
Provenance: privileged account.
Creation date: 19/11/2018.
Identifiers: CERTFR-2018-AVI-560, CVE-2018-13374, FG-IR-18-157, VIGILANCE-VUL-27826.

Description of the vulnerability

An attacker can bypass restrictions via LDAP Server Connectivity of FortiGate, in order to escalate his privileges.

vulnerability bulletin 27203

WPA/WPA2: information disclosure via PSK PMKID

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PSK PMKID of WPA/WPA2, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS, 802.11 protocol.
Severity: 2/4.
Consequences: data reading.
Provenance: radio connection.
Creation date: 11/09/2018.
Identifiers: FG-IR-18-199, VIGILANCE-VUL-27203.

Description of the vulnerability

An attacker can bypass access restrictions to data via PSK PMKID of WPA/WPA2, in order to obtain sensitive information.

vulnerability announce CVE-2018-9192 CVE-2018-9194

FortiOS: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/09/2018.
Identifiers: CVE-2018-9192, CVE-2018-9194, FG-IR-17-302, VIGILANCE-VUL-27172.

Description of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of FortiOS, in order to obtain sensitive information.

computer vulnerability note CVE-2018-13365

FortiOS: information disclosure via Replacement Messages

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Replacement Messages of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 27/08/2018.
Identifiers: CERTFR-2018-AVI-407, CVE-2018-13365, FG-IR-18-085, VIGILANCE-VUL-27079.

Description of the vulnerability

An attacker can bypass access restrictions to data via Replacement Messages of FortiOS, in order to obtain sensitive information.