RSS   Vulnerabilities for 'Fortiproxy'   RSS

2022-05-11
 
CVE-2021-43081

CWE-79
 

 
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

 
2022-02-24
 
CVE-2021-26092

CWE-79
 

 
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.

 
2021-12-08
 
CVE-2021-41024

CWE-22
 

 
A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.

 
 
CVE-2021-26110

CWE-269
 

 
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.

 
 
CVE-2021-26103

CWE-345
 

 
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.

 
2021-06-03
 
CVE-2021-22130

CWE-787
 

 
A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

 
2021-04-12
 
CVE-2019-17656

CWE-787
 

 
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

 
2021-03-04
 
CVE-2021-22128

CWE-863
 

 
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

 

 >>> Vendor: Fortinet 106 Products
Fortinet firewall
Fortigate
Fortios
Fortinet antivirus
Fortinet
Fortinet28
Forticlient host security
Fortiguard antivirus
Fortigate-1000
Forticlient
Connect
Fortigate-1000c
Fortigate-100d
Fortigate-110c
Fortigate-1240b
Fortigate-200b
Fortigate-20c
Fortigate-300c
Fortigate-3040b
Fortigate-310b
Fortigate-311b
Fortigate-3140b
Fortigate-3240c
Fortigate-3810a
Fortigate-3950b
Fortigate-40c
Fortigate-5001a-sw
Fortigate-5001b
Fortigate-5020
Fortigate-5060
Fortigate-50b
Fortigate-5101c
Fortigate-5140b
Fortigate-600c
Fortigate-60c
Fortigate-620b
Fortigate-800c
Fortigate-80c
Fortigate-voice-80c
Fortigaterugged-100c
Fortimail
Forticlient lite
Forticlient ssl vpn
Fortianalyzer-1000d
Fortianalyzer-2000b
Fortianalyzer-200d
Fortianalyzer-3000d
Fortianalyzer-300d
Fortianalyzer-4000b
Fortianalyzer firmware
Fortiweb
Fortiadc-1000e
Fortiadc-1500d
Fortiadc-2000d
Fortiadc-200d
Fortiadc-300e
Fortiadc-4000d
Fortiadc-400e
Fortiadc-600e
Fortiadc firmware
Fortiauthenticator
Fortimanager
Coyote point equalizer
Coyote point equalizer firmware
Single sign on
Fortiadc-700d
Fortimanager firmware
Fortisandbox firmware
Fortiswitch
Fortiwan
Fortiwlc
Fortiportal
Fortiwlc-sd
Fortiwlm
Fortiweb manager
Fortidb
Forticlient sslvpn client
Fortianalyzer
Fortisiem
Fcm-mb40 firmware
Fortinac
Fortiisolator
Forticlient emergency management server
Forticlient virtual private network
Fortiadc
Fortiap
Fortiap-s
Fortiap-u
Fortiap-w2
Fortivoice
Fortisiem windows agent
Fortideceptor
Fortitester
Fortiproxy
Fortiadc manager
Fortipresence
Fortisandbox
Fortisdnconnector
Forticlient endpoint management server
Forticlient enterprise management server
See all Products for Vendor Fortinet


Copyright 2024, cxsecurity.com

 

Back to Top