This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-19T20:24:12+00:00 www.secnews.physaphae.fr Fortinet Vunerability - Fortinet Vunerability An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-052 www.secnews.physaphae.fr/article.php?IdArticle=8499681 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A stack-based buffer overflow [CWE-121] vulnerability in FortiOS administrative interface may allow a privileged attacker to execute arbitrary code or commands via crafted HTTP or HTTPs requests.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-415 www.secnews.physaphae.fr/article.php?IdArticle=8499671 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A Use Of Less Trusted Source [CWE-348] vulnerability in FortiPortal may allow an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-021 www.secnews.physaphae.fr/article.php?IdArticle=8499672 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper control of generation of code (\'Code Injection\') vulnerability [CWE-94] in FortiSOAR may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-420 www.secnews.physaphae.fr/article.php?IdArticle=8499674 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Client-side enforcement of server-side security vulnerability [CWE-602] in FortiPortal may allow an authenticated attacker with a customer account to access other customers information via crafted HTTP requests.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-406 www.secnews.physaphae.fr/article.php?IdArticle=8499673 False Vulnerability,Legislation None None Fortinet Vunerability - Fortinet Vunerability An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC may allow a read-only admin to view data pertaining to other admins.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-433 www.secnews.physaphae.fr/article.php?IdArticle=8499676 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Multiple format string bug vulnerabilitues [CWE-134] in FortiOS, FortiProxy, FortiPAM & FortiSwitchManager command line interpreter and httpd may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands and http requests.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-137 www.secnews.physaphae.fr/article.php?IdArticle=8499677 False None None None Fortinet Vunerability - Fortinet Vunerability A double free vulnerability [CWE-415] in FortiOS may allow a privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-195 www.secnews.physaphae.fr/article.php?IdArticle=8499675 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise may allow an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-282 www.secnews.physaphae.fr/article.php?IdArticle=8499680 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A URL redirection to untrusted site (\'Open Redirect\') (CWE-601) vulnerability in FortiAuthenticator may allow an attacker to redirect users to an arbitrary website via a crafted URL.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-465 www.secnews.physaphae.fr/article.php?IdArticle=8499678 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-474 www.secnews.physaphae.fr/article.php?IdArticle=8499688 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiNAC may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-040 www.secnews.physaphae.fr/article.php?IdArticle=8499687 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability HTTP CONTINUATION Flood can be used to launch a serious DoS attack that can cause the crash of the target server with just one attacking machine (or even one TCP connection to the target).It works by:- initiating an HTTP stream against the target- then sending headers and CONTINUATION frames with no END_HEADERS flag set - that creates a never ending stream that could even cause an instant crashThis works because there\'s many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream.CVE-2024-27316 for Apache HTTP Server (httpd):HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.CVE-2024-24549 for Apa]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-120 www.secnews.physaphae.fr/article.php?IdArticle=8499679 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A client-side enforcement of server-side security vulnerability [CWE-602] in FortiSandbox may allow an authenticated attacker with at least read-only permission to download or upload configuration.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-054 www.secnews.physaphae.fr/article.php?IdArticle=8499685 False Vulnerability,Legislation None None Fortinet Vunerability - Fortinet Vunerability An insufficient verification of data authenticity vulnerability [CWE-345] in FortiOS & FortiProxy SSL-VPN tunnel mode may allow an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-225 www.secnews.physaphae.fr/article.php?IdArticle=8499686 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb may allow an authenticated attacker to read password hashes of other administrators via CLI commands or HTTP requests.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-191 www.secnews.physaphae.fr/article.php?IdArticle=8499684 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Several improper input validation [CWE-20] and improper authorization vulnerabilities [CWE-285] affecting FortiWebManager may allow an authenticated attacker with at least read-only permission to execute unauthorized actions via HTTP requests or CLI.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-222 www.secnews.physaphae.fr/article.php?IdArticle=8499682 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.1 may allow an unauthenticated attacker to perform a temporary denial of service attack on the administrative interface via crafted HTTP requests.]]> 2024-05-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-017 www.secnews.physaphae.fr/article.php?IdArticle=8499683 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-489 www.secnews.physaphae.fr/article.php?IdArticle=8478736 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An external control of file name or path vulnerability [CWE-73] in FortiClientMac\'s installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-345 www.secnews.physaphae.fr/article.php?IdArticle=8478726 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper limitation of a pathname to a restricted directory (\'Path Traversal\') vulnerability [CWE-22] in FortiSandbox may allow an authenticated attacker with at least read-only permission to delete arbitrary files via crafted HTTP requests.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-454 www.secnews.physaphae.fr/article.php?IdArticle=8499689 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in an OS Command (\'OS Command Injection\') vulnerability [CWE-78] in FortiSandbox may allow a privileged attacker with super-admin profile and CLI access to execute arbitrary code via CLI.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-411 www.secnews.physaphae.fr/article.php?IdArticle=8478735 False None None None Fortinet Vunerability - Fortinet Vunerability An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS may allow an unauthenticated attacker to fingerprint the device version via HTTP requests.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-224 www.secnews.physaphae.fr/article.php?IdArticle=8478730 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Fortinet is aware of the new SMTP smuggling technique.By exploiting interpretation differences of the SMTP protocol for the end of data sequence, it is possible to send spoofed e-mails, while still passing SPF alignment checks.FortiMail may be susceptible to smuggling attacks if some measures are not put in place. We therefore recommend to adhere to the following indications in order to mitigate the potential risk associated to the smuggling attacks:- Enable DKIM (Domain Keys Identified Mail) to enhance e-mail authentication. Select "None" action under DKIM check in AntiSpam profile in order to block by default e-mail without DKIM signature.- Disable "any-any" traffic policy to restrict unauthorized access.- Modify the configuration settings in line with the recommended security practices (DMARC/DKIM/SPF, proper ACL policy, avoid open relay MTA).]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-009 www.secnews.physaphae.fr/article.php?IdArticle=8478737 False None None None Fortinet Vunerability - Fortinet Vunerability An insufficiently protected credentials vulnerability (CWE-522) in FortiOS and FortiProxy may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-493 www.secnews.physaphae.fr/article.php?IdArticle=8478731 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper certificate validation vulnerability [CWE-295] in FortiNAC-F may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-288 www.secnews.physaphae.fr/article.php?IdArticle=8478728 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An Improper Control of Generation of Code (\'Code Injection\') vulnerability [CWE-94] in FortiClientLinux may allow##an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-087 www.secnews.physaphae.fr/article.php?IdArticle=8478725 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in a template engine [CWE-1336] vulnerability in FortiManager provisioning templates may allow a local authenticated attacker with at least read-only permissions to execute arbitrary code via specially crafted templates.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-419 www.secnews.physaphae.fr/article.php?IdArticle=8478727 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper limitation of a pathname to a restricted directory (\'Path Traversal\') vulnerability [CWE-22] in FortiSandbox may allow a privileged attacker with super-admin profile and CLI access to execute arbitrary code via CLI.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-416 www.secnews.physaphae.fr/article.php?IdArticle=8478734 False None None None Fortinet Vunerability - Fortinet Vunerability A use of externally-controlled format string vulnerability [CWE-134] in FortiOS command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-413 www.secnews.physaphae.fr/article.php?IdArticle=8478729 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A use of externally-controlled format string vulnerability [CWE-134] in FortiManager, FortiAnalyzer, FortiAnalyzer-BigData & FortiPortal may allow a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.]]> 2024-03-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-304 www.secnews.physaphae.fr/article.php?IdArticle=8462694 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiClientEMS may allow a remote and unauthenticated attacker to execute arbitrary commands on the admin workstation via creating malicious log entries with crafted requests to the server.]]> 2024-03-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-390 www.secnews.physaphae.fr/article.php?IdArticle=8462693 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in an SQL Command (\'SQL Injection\') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.]]> 2024-03-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-007 www.secnews.physaphae.fr/article.php?IdArticle=8462700 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper authorization vulnerability [CWE-285] in FortiPortal reports may allow a user to download other organizations reports via modification in the request payload.]]> 2024-03-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-016 www.secnews.physaphae.fr/article.php?IdArticle=8462698 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper access control vulnerability [`CWE-284]` in FortiWLM MEA for FortiManager may allow an unauthenticated remote attacker to execute arbitrary code or commands via specifically crafted requests.Note that FortiWLM MEA is not installed by default on FortiManager and can be disabled as a workaround.]]> 2024-03-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-103 www.secnews.physaphae.fr/article.php?IdArticle=8462699 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An out-of-bounds write vulnerability [CWE-787] and a Stack-based Buffer Overflow [CWE-121] in FortiOS & FortiProxy captive portal may allow an inside attacker who has access to captive portal to execute arbitrary code or commands via specially crafted HTTP requests.Workaround:Set a non form-based authentication scheme:config authentication schemeedit schemeset method methodnextendWhere can be any of those :ntlm NTLM authentication.basic Basic HTTP authentication.digest Digest HTTP authentication.negotiate Negotiate authentication.fsso Fortinet Single Sign-On (FSSO) authentication.rsso RADIUS Single Sign-On (RSSO) authentication.ssh-publickey Public key based SSH authentication.cert Client certificate authentication.saml SAML authentication]]> 2024-03-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-328 www.secnews.physaphae.fr/article.php?IdArticle=8462696 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS and FortiProxy SSLVPN may allow an authenticated attacker to gain access to another user\'s bookmark via URL manipulation.]]> 2024-03-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-013 www.secnews.physaphae.fr/article.php?IdArticle=8462697 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper authentication vulnerability [CWE-287] in FortiOS when configured with FortiAuthenticator in HA may allow an authenticated attacker with at least read-only permission to gain read-write access via successive login attempts.]]> 2024-03-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-424 www.secnews.physaphae.fr/article.php?IdArticle=8462695 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. Workaround : disable SSL VPN (disable webmode is NOT a valid workaround) Note: This is potentially being exploited in the wild.]]> 2024-02-08T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-015 www.secnews.physaphae.fr/article.php?IdArticle=8448166 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability The Fortinet Product Security team has evaluated the impact of the vulnerablity HTTP/2 Rapid Reset Attack, listed below: CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly. https://nvd.nist.gov/vuln/detail/CVE-2023-44487]]> 2024-02-08T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-397 www.secnews.physaphae.fr/article.php?IdArticle=8448167 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper certificate validation vulnerability [CWE-295] in FortiOS may allow an unauthenticated attacker in a Man-in-the-Middle position to decipher and alter the FortiLink communication channel between the FortiOS device and a FortiSwitch instance.]]> 2024-02-08T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-301 www.secnews.physaphae.fr/article.php?IdArticle=8448165 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthentified attacker to execute arbitrary code or commands via specially crafted requests.]]> 2024-02-08T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-029 www.secnews.physaphae.fr/article.php?IdArticle=8448164 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiNAC may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the name fields observed in the policy audit logs.]]> 2024-02-08T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-063 www.secnews.physaphae.fr/article.php?IdArticle=8448163 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper privilege management vulnerability [CWE-269] in FortiClientEMS graphical administrative interface may allow an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.]]> 2024-02-08T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-357 www.secnews.physaphae.fr/article.php?IdArticle=8448161 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.]]> 2024-02-08T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-268 www.secnews.physaphae.fr/article.php?IdArticle=8448162 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\'s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms.]]> 2024-01-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-490 www.secnews.physaphae.fr/article.php?IdArticle=8437281 False None None None Fortinet Vunerability - Fortinet Vunerability An improper privilege management vulnerability [CWE-269] in FortiPortal may allow a remote and authenticated attacker to add users outside its initial Idp]]> 2024-01-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-395 www.secnews.physaphae.fr/article.php?IdArticle=8437278 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper limitation of a pathname to a restricted directory (\'path traversal\') vulnerability [CWE-22] in FortiVoice may allow an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests]]> 2024-01-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-219 www.secnews.physaphae.fr/article.php?IdArticle=8437280 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper privilege management vulnerability [CWE-269] in a FortiOS & FortiProxy HA cluster may allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.]]> 2024-01-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-315 www.secnews.physaphae.fr/article.php?IdArticle=8437276 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests.]]> 2024-01-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-408 www.secnews.physaphae.fr/article.php?IdArticle=8437279 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM may allow an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests at a high frequency.]]> 2024-01-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-226 www.secnews.physaphae.fr/article.php?IdArticle=8437277 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper authorization vulnerability [CWE-285] in FortiADC may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.]]> 2023-12-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-270 www.secnews.physaphae.fr/article.php?IdArticle=8421635 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A format string vulnerability [CWE-134] in the HTTPSd daemon of FortiOS, FortiProxy and FortiPAM may allow an authenticated user to execute unauthorized code or commands via specially crafted API requests.]]> 2023-12-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-138 www.secnews.physaphae.fr/article.php?IdArticle=8421639 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A double free vulnerability [CWE-415] in FortiOS and FortiPAM HTTPSd daemon may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands.]]> 2023-12-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-196 www.secnews.physaphae.fr/article.php?IdArticle=8421634 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A cross-site scripting forgery vulnerability [CWE-352] in FortiMail, FortiNDR, FortiRecorder, FortiSwitch & FortiVoiceEnterprise may allow a remote and unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.]]> 2023-12-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-22-038 www.secnews.physaphae.fr/article.php?IdArticle=8421637 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper output neutralization for logs vulnerability [CWE-117] in FortiWeb Traffic Log component may allow an attacker to forge traffic logs via a crafted URL of the web application.]]> 2023-12-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-256 www.secnews.physaphae.fr/article.php?IdArticle=8421644 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper access control vulnerability [CWE-284] in FortiMail configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.]]> 2023-12-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-439 www.secnews.physaphae.fr/article.php?IdArticle=8421636 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper access control vulnerability [CWE-284] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.]]> 2023-12-12T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-432 www.secnews.physaphae.fr/article.php?IdArticle=8421638 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability *PRODUCT OUT OF SUPPORT* A improper limitation of a pathname to a restricted directory (\'path traversal\') vulnerability [CWE-22] in FortiWAN may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-265 www.secnews.physaphae.fr/article.php?IdArticle=8412042 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An untrusted search path vulnerability [CWE-426] in FortiClient Windows OpenSSL component may allow an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-274 www.secnews.physaphae.fr/article.php?IdArticle=8412030 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A use of hard-coded credentials [CWE-798] in FortiManager and FortiAnalyzer may allow an attacker to access Fortinet dummy testing data via the use of static credentials. Those credentials have been revoked.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-177 www.secnews.physaphae.fr/article.php?IdArticle=8412035 False None None None Fortinet Vunerability - Fortinet Vunerability An improper authorization vulnerability [CWE-285] in FortiMail webmail may allow an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-203 www.secnews.physaphae.fr/article.php?IdArticle=8412034 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper validation of integrity check value vulnerability [CWE-354] in FortiOS and FortiProxy VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesytem integrity check in place.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-22-396 www.secnews.physaphae.fr/article.php?IdArticle=8412037 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-392 www.secnews.physaphae.fr/article.php?IdArticle=8412038 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-290 www.secnews.physaphae.fr/article.php?IdArticle=8412040 False None None None Fortinet Vunerability - Fortinet Vunerability Fortinet is aware of a research article named TunnelCrack, published at Usenix [1], which describe the LocalNet and ServerIP attacks. These attacks aim to leak VPN client traffic outside of the protected VPN tunnel when clients connect via untrusted networks, such as rogue Wi-Fi access points.  The LocalNet attack allows an attacker to force the usage of local network access features of the VPN to access unencrypted traffic. The ServerIP attack allows an attacker to intercept traffic sent to a spoofed VPN gateway via DNS spoofing attacks. These attacks do not enable the attacker to decrypt the encrypted traffic but rather will try to redirect the traffic through attacker controlled channels before the traffic is encrypted by the VPN.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-383 www.secnews.physaphae.fr/article.php?IdArticle=8412045 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability *PRODUCT OUT OF SUPPORT* An improper authentication vulnerability [CWE-287] in FortWAN may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-061 www.secnews.physaphae.fr/article.php?IdArticle=8412041 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper access control vulnerabilty [CWE-284] in FortiEDRCollectorWindows may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-306 www.secnews.physaphae.fr/article.php?IdArticle=8412032 False None None None Fortinet Vunerability - Fortinet Vunerability An improper access control vulnerability [CWE-284] in FortiADC automation feature may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-22-292 www.secnews.physaphae.fr/article.php?IdArticle=8412026 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An incorrect authorization [CWE-863] vulnerability in FortiClient (Windows) may allow a local low privileged attacker to perform arbitrary file deletion in the device filesystem.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-22-299 www.secnews.physaphae.fr/article.php?IdArticle=8412029 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A relative path traversal vulnerability [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read arbitrary files via crafted HTTP requests.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-143 www.secnews.physaphae.fr/article.php?IdArticle=8412043 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A null pointer dereference [CWE-476] in FortiOS and FortiProxy SSL VPN may allow an authenticated attacker to perform a DoS attack on the device via specifically crafted HTTP requests.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-151 www.secnews.physaphae.fr/article.php?IdArticle=8412036 False None None None Fortinet Vunerability - Fortinet Vunerability An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-287 www.secnews.physaphae.fr/article.php?IdArticle=8412033 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Multiple buffer copy without checking size of input (\'classic buffer overflow\') vulnerabilities [CWE-120] in FortiADC & FortiDDoS-F may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-064 www.secnews.physaphae.fr/article.php?IdArticle=8412027 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A use of hard-coded credentials vulnerability [CWE-798] in FortiClient for Windows may allow an attacker to bypass system protections via the use of static credentials.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-108 www.secnews.physaphae.fr/article.php?IdArticle=8412031 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests. This vulnerability was internally discovered as a variant of FG-IR-23-130.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-135 www.secnews.physaphae.fr/article.php?IdArticle=8416175 False None None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in an sql command [CWE-89] in FortiWLM may allow a remote unauthenticated attacker to execute unauthorized sql queries via a crafted http request.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-142 www.secnews.physaphae.fr/article.php?IdArticle=8416176 False None None None Fortinet Vunerability - Fortinet Vunerability A permissive cross-domain policy with untrusted domains (CWE-942) vulnerability in the API of FortiADC / FortiDDoS-F may allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-22-518 www.secnews.physaphae.fr/article.php?IdArticle=8412028 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool) A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to "let the host resolve the name" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior. https://curl.se/docs/CVE-2023-38545.html CVE-2023-38546: severity LOW (affects libcurl only, not the tool) A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. https://curl.se/docs/CVE-2023-38546.html]]> 2023-11-14T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-385 www.secnews.physaphae.fr/article.php?IdArticle=8412025 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper limitation of a pathname to a restricted directory (\'Path Traversal\') vulnerability [CWE-22] in FortiSandbox may allow a low privileged attacker to delete arbitrary files via crafted http requests.]]> 2023-10-13T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-280 www.secnews.physaphae.fr/article.php?IdArticle=8395225 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A relative path traversal vulnerability [CWE-23] in FortiSIEM file upload components may allow an authenticated, low privileged user of the FortiSIEM GUI to escalate their privilege and replace arbitrary files on the underlying filesystem via specifically crafted HTTP requests.]]> 2023-10-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-085 www.secnews.physaphae.fr/article.php?IdArticle=8394380 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiOS may allow a remote authenticated attacker to inject script related HTML tags via the SAML and Security Fabric components.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-104 www.secnews.physaphae.fr/article.php?IdArticle=8394105 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in an OS Command (\'OS Command Injection\') vulnerability [CWE-78 ] in FortiManager, FortiAnalyzer and FortiADC  management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-22-352 www.secnews.physaphae.fr/article.php?IdArticle=8394104 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A server-side request forgery vulnerability [CWE-918] in FortiAnalyzer and FortiManager may allow a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-19-039 www.secnews.physaphae.fr/article.php?IdArticle=8394091 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A relative path traversal [CVE-23] vulnerability in FortiManager and FortiAnalyzer may allow a remote attacker with low privileges to execute unauthorized code via crafted HTTP requests.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-189 www.secnews.physaphae.fr/article.php?IdArticle=8394103 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper access control vulnerability [CWE-284] in the FortiOS REST API component may allow an authenticated attacker to access a restricted resource from a non trusted host.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-139 www.secnews.physaphae.fr/article.php?IdArticle=8394109 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An interpretation conflict vulnerability [CWE-436] in FortiOS IPS Engine may allow an unauthenticated remote attacker to evade NGFW policies or IPS Engine protection via crafted TCP packets.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-090 www.secnews.physaphae.fr/article.php?IdArticle=8394107 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiManager & FortiAnalyzer may allow a remote attacker with low privileges to read sensitive information via crafted HTTP requests.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-201 www.secnews.physaphae.fr/article.php?IdArticle=8394099 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper access control vulnerability [CWE-284] in FortiManager management interface may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-062 www.secnews.physaphae.fr/article.php?IdArticle=8394098 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in an os command (\'OS Command Injection\') vulnerability [CWE-78] in FortiIsolator may allow a privileged attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-21-233 www.secnews.physaphae.fr/article.php?IdArticle=8394095 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer may allow a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-221 www.secnews.physaphae.fr/article.php?IdArticle=8394090 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Two side channel hardware vulnerabilities named Downfall (CVE-2022-40982) and Zenbleed (CVE-2023-20593) impact Intel and AMD processors. "Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages." [1] "The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. " [1] "Zenbleed, affecting AMD CPUs, shows that incorrectly implemented speculative execution of the SIMD Zeroupper instruction leaks stale data from physical hardware registers to software registers. Zeroupper instructions should clear the data in the upper-half of SIMD]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-277 www.secnews.physaphae.fr/article.php?IdArticle=8394089 False Vulnerability,Cloud None None Fortinet Vunerability - Fortinet Vunerability A use after free vulnerability [CWE-416] in FortiOS & FortiProxy may allow an unauthenticated remote attacker to crash the Web Proxy process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-184 www.secnews.physaphae.fr/article.php?IdArticle=8394110 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A use of GET request method with sensitive query strings vulnerability [CWE-598] in the FortiOS SSL VPN component may allow an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services (found in logs, referers, caches, etc...)]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-120 www.secnews.physaphae.fr/article.php?IdArticle=8394108 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper authorization vulnerability [CWE-285] in FortiOS\'s WEB UI component may allow an authenticated attacker belonging to the prof-admin profile to perform elevated actions.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-318 www.secnews.physaphae.fr/article.php?IdArticle=8394106 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A client-side enforcement of server-side security [CWE-602] vulnerability in FortiManager and FortiAnalyzer may allow a remote attacker with low privileges to access a privileged web console via client side code execution.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-187 www.secnews.physaphae.fr/article.php?IdArticle=8394101 False None None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in an OS Command [CWE-22] in FortiManager and FortiAnalyzer may allow a low privileged authenticated attacker to delete arbitrary files via the CLI.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-169 www.secnews.physaphae.fr/article.php?IdArticle=8394102 False None None None Fortinet Vunerability - Fortinet Vunerability An incorrect authorization vulnerability [CWE-863] in FortiMail webmail may allow an authenticated attacker to login to other users accounts from the same web domain via crafted HTTP or HTTPs requests.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-202 www.secnews.physaphae.fr/article.php?IdArticle=8394096 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An insertion of sensitive information into log file [CWE-532] in the FortiGuest RADIUS logs may allow a local attacker to access plaintext passwords.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-052 www.secnews.physaphae.fr/article.php?IdArticle=8394094 False None None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail may allow an authenticated attacker to inject HTML tags in FortiMail\'s calendar via input fields.]]> 2023-10-10T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-194 www.secnews.physaphae.fr/article.php?IdArticle=8394097 False Vulnerability None None