No fix, workaround or mitigation extracted yet
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.
An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.
An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.
Discuss the latest advisories, swap patch-day notes with other infra teams, and get support — straight from the people who run VulniPulse.
Join the communityIf you want to support server/domain costs, please donate below — much love ❤️
Donate