The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Fortinet FortiGate Virtual Appliance

cybersecurity bulletin CVE-2018-9185

FortiOS: privilege escalation via SSL-VPN SSO Bookmarked Pages

Synthesis of the vulnerability

An attacker can bypass restrictions via SSL-VPN SSO Bookmarked Pages of FortiOS, in order to escalate his privileges.
Severity: 2/4.
Creation date: 25/06/2018.
Identifiers: CERTFR-2018-AVI-303, CVE-2018-9185, FG-IR-18-027, VIGILANCE-VUL-26528.

Description of the vulnerability

An attacker can bypass restrictions via SSL-VPN SSO Bookmarked Pages of FortiOS, in order to escalate his privileges.

cybersecurity note CVE-2017-14187

FortiOS: privilege escalation via USB Storage Device

Synthesis of the vulnerability

An attacker can bypass restrictions via USB Storage Device of FortiOS, in order to escalate his privileges.
Severity: 1/4.
Creation date: 22/05/2018.
Identifiers: CERTFR-2018-AVI-246, CVE-2017-14187, FG-IR-17-245, VIGILANCE-VUL-26195.

Description of the vulnerability

An attacker can bypass restrictions via USB Storage Device of FortiOS, in order to escalate his privileges.

weakness bulletin CVE-2017-14185

FortiOS: information disclosure via Crafted URLs

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Crafted URLs of FortiOS, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 22/05/2018.
Identifiers: CERTFR-2018-AVI-246, CVE-2017-14185, FG-IR-17-231, VIGILANCE-VUL-26194.

Description of the vulnerability

An attacker can bypass access restrictions to data via Crafted URLs of FortiOS, in order to obtain sensitive information.

security alert CVE-2005-4900

FortiOS: privilege escalation via SSL Deep-Inspection

Synthesis of the vulnerability

An attacker can bypass restrictions via SSL Deep-Inspection of FortiOS, in order to escalate his privileges.
Severity: 2/4.
Creation date: 17/05/2018.
Identifiers: CERTFR-2018-AVI-239, CVE-2005-4900, FG-IR-17-160, TA17-075A, VIGILANCE-VUL-26157.

Description of the vulnerability

An attacker can bypass restrictions via SSL Deep-Inspection of FortiOS, in order to escalate his privileges.

threat alert CVE-2017-7738

FortiOS: information disclosure via fnsysctl

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via fnsysctl of FortiOS, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 11/12/2017.
Identifiers: CERTFR-2017-AVI-459, CVE-2017-7738, FG-IR-17-172, VIGILANCE-VUL-24729.

Description of the vulnerability

An attacker can bypass access restrictions to data via fnsysctl of FortiOS, in order to obtain sensitive information.

weakness CVE-2017-7739

FortiOS: Cross Site Scripting via Web Proxy Disclaimer

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Web Proxy Disclaimer of FortiOS, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-392, CVE-2017-7739, FG-IR-17-168, VIGILANCE-VUL-24351.

Description of the vulnerability

The FortiOS product offers a web service.

However, it does not filter data received via the Web Proxy Disclaimer before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Web Proxy Disclaimer of FortiOS, in order to run JavaScript code in the context of the web site.

security threat CVE-2017-7733

FortiOS: Cross Site Scripting via Login Disclaimer

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Login Disclaimer of FortiOS, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 25/10/2017.
Identifiers: CVE-2017-7733, FG-IR-17-113, VIGILANCE-VUL-24233.

Description of the vulnerability

The FortiOS product offers a web service.

However, it does not filter data received via the Login Disclaimer before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Login Disclaimer of FortiOS, in order to run JavaScript code in the context of the web site.

threat CVE-2017-14182

FortiOS: denial of service via "params" Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via "params" Parameter of FortiOS, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 25/10/2017.
Identifiers: CVE-2017-14182, FG-IR-17-206, VIGILANCE-VUL-24232.

Description of the vulnerability

An attacker can generate a fatal error via "params" Parameter of FortiOS, in order to trigger a denial of service.

weakness alert CVE-2017-3130

FortiOS: information disclosure via IKE Vendor ID

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via IKE Vendor ID of FortiOS, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 09/08/2017.
Identifiers: CERTFR-2017-AVI-253, CVE-2017-3130, FG-IR-17-073, VIGILANCE-VUL-23483.

Description of the vulnerability

An attacker can bypass access restrictions to data via IKE Vendor ID of FortiOS, in order to obtain sensitive information.

computer threat bulletin 23482

FortiOS: security improvement via SMBv1 Support Disabled

Synthesis of the vulnerability

The security of FortiOS was improved via SMBv1 Support Disabled.
Severity: 1/4.
Creation date: 09/08/2017.
Identifiers: CERTFR-2017-AVI-253, FG-IR-17-103, VIGILANCE-VUL-23482.

Description of the vulnerability

This bulletin is about a security improvement.

It does not describe a vulnerability.

The security of FortiOS was therefore improved via SMBv1 Support Disabled.