Dernières alertes de sécurité
FortiOS & FortiProxy - Webproxy process denial of service
> date : 2023-10-10 09:00:00
> lien :
https://fortiguard.fortinet.com/psirt/FG-IR-23-184
A use after free vulnerability [CWE-416] in FortiOS & FortiProxy may allow an unauthenticated remote attacker to crash the Web Proxy process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. [...]
FortiOS - REST API trusted host bypass
> date : 2023-10-10 09:00:00
> lien :
https://fortiguard.fortinet.com/psirt/FG-IR-23-139
An improper access control vulnerability [CWE-284] in the FortiOS REST API component may allow an authenticated attacker to access a restricted resource from a non trusted host. [...]
FortiOS - Plain-text credentials in GET request via SSL VPN web portal
> date : 2023-10-10 09:00:00
> lien :
https://fortiguard.fortinet.com/psirt/FG-IR-23-120
A use of GET request method with sensitive query strings vulnerability [CWE-598] in the FortiOS SSL VPN component may allow an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services (found in logs, referers, caches, etc...) [...]
FortiOS - IPS Engine evasion using custom TCP flags
> date : 2023-10-10 09:00:00
> lien :
https://fortiguard.fortinet.com/psirt/FG-IR-23-090
An interpretation conflict vulnerability [CWE-436] in FortiOS IPS Engine may allow an unauthenticated remote attacker to evade NGFW policies or IPS Engine protection via crafted TCP packets. [...]
|
page précédente |
page 3 |
page suivante |
FortiOS & FortiProxy - Webproxy process denial of service
Sécurité
Classement
