The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FortiGate Virtual Appliance

vulnerability announce CVE-2017-17544

FortiOS: privilege escalation via Restoring Modified Configurations

Synthesis of the vulnerability

An attacker can bypass restrictions via Restoring Modified Configurations of FortiOS, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 03/04/2019.
Identifiers: CERTFR-2019-AVI-143, CVE-2017-17544, FG-IR-17-053, VIGILANCE-VUL-28932.

vulnerability alert CVE-2018-13376

FortiOS: information disclosure via Web Proxy Disclaimer Response

Synthesis of the vulnerability

A local attacker can read a memory fragment via Web Proxy Disclaimer Response of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 23/11/2018.
Identifiers: CERTFR-2018-AVI-570, CVE-2018-13376, FG-IR-18-325, VIGILANCE-VUL-27871.

computer vulnerability announce CVE-2018-13366

FortiGate: information disclosure via PPTP Server Hostname

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PPTP Server Hostname of FortiGate, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 19/11/2018.
Identifiers: CERTFR-2018-AVI-560, CVE-2018-13366, FG-IR-18-101, VIGILANCE-VUL-27827.

computer vulnerability alert CVE-2018-13374

FortiGate: privilege escalation via LDAP Server Connectivity

Synthesis of the vulnerability

An attacker can bypass restrictions via LDAP Server Connectivity of FortiGate, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: privileged access/rights, data reading.
Provenance: privileged account.
Creation date: 19/11/2018.
Identifiers: CERTFR-2018-AVI-560, CVE-2018-13374, FG-IR-18-157, VIGILANCE-VUL-27826.

vulnerability bulletin 27203

WPA/WPA2: information disclosure via PSK PMKID

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PSK PMKID of WPA/WPA2, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS, 802.11 protocol.
Severity: 2/4.
Consequences: data reading.
Provenance: radio connection.
Creation date: 11/09/2018.
Identifiers: FG-IR-18-199, VIGILANCE-VUL-27203.

vulnerability announce CVE-2018-9192 CVE-2018-9194

FortiOS: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/09/2018.
Identifiers: CVE-2018-9192, CVE-2018-9194, FG-IR-17-302, VIGILANCE-VUL-27172.

computer vulnerability note CVE-2018-13365

FortiOS: information disclosure via Replacement Messages

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Replacement Messages of FortiOS, in order to obtain sensitive information.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 27/08/2018.
Identifiers: CERTFR-2018-AVI-407, CVE-2018-13365, FG-IR-18-085, VIGILANCE-VUL-27079.

vulnerability announce CVE-2018-5389

IPsec IKEv1 Main Mode: information disclosure via Brute Force

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Brute Force of IKEv1 Main Mode, in order to obtain sensitive information.
Impacted products: BIG-IP Hardware, TMOS, FortiGate, FortiGate Virtual Appliance, FortiOS, Synology DSM, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 16/08/2018.
Identifiers: CVE-2018-5389, FG-IR-18-214, K42378447, Synology-SA-18:46, VIGILANCE-VUL-27022, VU#857035.

computer vulnerability bulletin CVE-2018-9185

FortiOS: privilege escalation via SSL-VPN SSO Bookmarked Pages

Synthesis of the vulnerability

An attacker can bypass restrictions via SSL-VPN SSO Bookmarked Pages of FortiOS, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: intranet server.
Creation date: 25/06/2018.
Identifiers: CERTFR-2018-AVI-303, CVE-2018-9185, FG-IR-18-027, VIGILANCE-VUL-26528.

computer vulnerability CVE-2017-14187

FortiOS: privilege escalation via USB Storage Device

Synthesis of the vulnerability

An attacker can bypass restrictions via USB Storage Device of FortiOS, in order to escalate his privileges.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 22/05/2018.
Identifiers: CERTFR-2018-AVI-246, CVE-2017-14187, FG-IR-17-245, VIGILANCE-VUL-26195.
