News

  • Aruba Networks Vulnerability – CVE-2023-43507

    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. (CVSS:8.8) (EPSS:0.06%) (Last Update:2023-11-01 16:22:12)

  • Aruba Networks Vulnerability – CVE-2023-43508

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform. (CVSS:6.5) (EPSS:0.05%) (Last Update:2023-11-01 16:21:53)

  • Aruba Networks Vulnerability – CVE-2023-43509

    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software. (CVSS:5.8) (EPSS:0.07%) (Last Update:2023-11-01 16:21:05)

  • Aruba Networks Vulnerability – CVE-2023-43510

    A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. (CVSS:6.3) (EPSS:0.05%) (Last Update:2023-11-01 16:20:03)

  • Aruba Networks Vulnerability – CVE-2023-43506

    A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. (CVSS:7.8) (Last Update:2023-11-01 16:22:57)

  • Fortinet Vulnerability – CVE-2023-44256

    A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. (CVSS:6.5) (EPSS:0.12%) (Last Update:2023-10-31 17:46:37)

  • Fortinet Vulnerability – CVE-2023-41682

    An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows an attacker to cause a denial of service via crafted HTTP requests. (CVSS:8.1) (EPSS:0.09%) (Last Update:2023-10-16 16:52:59)

  • Fortinet Vulnerability – CVE-2023-41680

    An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. (CVSS:7.5) (EPSS:0.04%) (Last Update:2023-10-16 16:05:54)

  • Fortinet Vulnerability – CVE-2023-41681

    An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. (CVSS:7.5) (EPSS:0.04%) (Last Update:2023-10-16 16:06:43)

  • Fortinet Vulnerability – CVE-2023-41836

    An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. (CVSS:6.1) (EPSS:0.04%) (Last Update:2023-10-16 16:07:06)

  • Fortinet Vulnerability – CVE-2023-41843

    An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. (CVSS:7.5) (EPSS:0.04%) (Last Update:2023-10-16 14:27:21)

  • Fortinet Vulnerability – CVE-2023-44249

    An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. (CVSS:6.5) (EPSS:0.06%) (Last Update:2023-10-25 18:17:32)

  • Fortinet Vulnerability – CVE-2023-42787

    A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. (CVSS:6.5) (EPSS:0.08%) (Last Update:2023-10-18 22:15:09)

  • Fortinet Vulnerability – CVE-2023-42788

    An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command. (CVSS:7.8) (EPSS:0.04%) (Last Update:2023-10-18 22:15:09)

  • Fortinet Vulnerability – CVE-2023-40718

    An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets. (CVSS:7.5) (EPSS:0.05%) (Last Update:2023-10-13 18:38:48)

  • Fortinet Vulnerability – CVE-2023-41675

    A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. (CVSS:5.3) (EPSS:0.07%) (Last Update:2023-10-13 16:32:58)

  • Fortinet Vulnerability – CVE-2023-41679

    An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least “device management” permission on his profile and belonging to a specific ADOM to add and delete CLI scripts on other ADOMs. (CVSS:9.6) (EPSS:0.05%) (Last Update:2023-10-13 16:54:58)

  • Fortinet Vulnerability – CVE-2023-42782

    An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knowledge of an authorized device serial number. (CVSS:5.3) (EPSS:0.07%) (Last Update:2023-10-13 16:29:27)

  • Fortinet Vulnerability – CVE-2023-41841

    An improper authorization vulnerability in Fortinet FortiOS 7.0.0 – 7.0.11 and 7.2.0 – 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. (CVSS:8.8) (EPSS:0.05%) (Last Update:2023-10-12 20:38:09)

  • Fortinet Vulnerability – CVE-2023-41838

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands via the FortiManager CLI. (CVSS:7.1) (EPSS:0.04%) (Last Update:2023-10-13 16:22:37)

  • Fortinet Vulnerability – CVE-2023-34992

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests. (CVSS:9.8) (EPSS:0.07%) (Last Update:2023-10-13 16:00:52)

  • Fortinet Vulnerability – CVE-2023-36555

    An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiOS 7.2.0 – 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. (CVSS:5.4) (EPSS:0.05%) (Last Update:2023-10-13 16:06:15)

  • Fortinet Vulnerability – CVE-2023-36556

    An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to log in to other users' accounts from the same web domain via crafted HTTP or HTTPS requests. (CVSS:8.8) (EPSS:0.05%) (Last Update:2023-10-13 16:12:58)

  • Fortinet Vulnerability – CVE-2023-36637

    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail’s calendar via input fields. (CVSS:5.4) (EPSS:0.05%) (Last Update:2023-10-13 16:08:49)

  • Fortinet Vulnerability – CVE-2023-34989

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. (CVSS:8.8) (EPSS:0.05%) (Last Update:2023-10-11 14:28:40)

  • Fortinet Vulnerability – CVE-2023-34993

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. (CVSS:9.8) (EPSS:0.05%) (Last Update:2023-10-11 14:29:10)

  • Fortinet Vulnerability – CVE-2023-36547

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. (CVSS:9.8) (EPSS:0.05%) (Last Update:2023-10-11 14:29:23)

  • Fortinet Vulnerability – CVE-2023-36548

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. (CVSS:9.8) (EPSS:0.05%) (Last Update:2023-10-11 14:29:34)

  • Fortinet Vulnerability – CVE-2023-36549

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. (CVSS:9.8) (EPSS:0.05%) (Last Update:2023-10-11 14:30:19)

  • Fortinet Vulnerability – CVE-2023-36550

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. (CVSS:9.8) (EPSS:0.05%) (Last Update:2023-10-11 14:30:46)

  • Fortinet Vulnerability – CVE-2023-37935

    A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 – 7.0.12, 7.2.0 – 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. (CVSS:7.5) (EPSS:0.09%) (Last Update:2023-10-12 19:59:17)

  • Fortinet Vulnerability – CVE-2023-37939

    An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. (CVSS:3.3) (EPSS:0.04%) (Last Update:2023-10-12 20:21:29)

  • Fortinet Vulnerability – CVE-2023-34987

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. (CVSS:8.8) (EPSS:0.05%) (Last Update:2023-10-11 14:28:17)

  • Fortinet Vulnerability – CVE-2023-34988

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. (CVSS:8.8) (EPSS:0.05%) (Last Update:2023-10-11 14:28:25)

  • Fortinet Vulnerability – CVE-2023-33301

    An improper access control vulnerability in Fortinet FortiOS 7.2.0 – 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non-trusted host. (CVSS:6.5) (EPSS:0.04%) (Last Update:2023-10-13 15:44:05)

  • Fortinet Vulnerability – CVE-2023-34986

    An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. (CVSS:8.8) (EPSS:0.05%) (Last Update:2023-10-11 14:01:04)

  • Palo Alto Networks Vulnerability – CVE-2023-3280

    A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. (CVSS:5.5) (EPSS:0.04%) (Last Update:2023-09-19 15:35:22)

  • Fortinet Vulnerability – CVE-2023-40717

    A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands. (CVSS:7.8) (EPSS:0.04%) (Last Update:2023-09-15 15:32:42)

  • Fortinet Vulnerability – CVE-2023-34984

    A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. (CVSS:8.8) (EPSS:0.07%) (Last Update:2023-09-15 15:32:15)

  • Fortinet Vulnerability – CVE-2023-36551

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows an attacker to obtain sensitive information via a crafted HTTP request. (CVSS:5.3) (EPSS:0.04%) (Last Update:2023-09-15 13:32:18)

  • Fortinet Vulnerability – CVE-2023-36634

    An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directories via specially crafted command arguments. (CVSS:8.8) (EPSS:0.05%) (Last Update:2023-09-15 13:46:11)

  • Fortinet Vulnerability – CVE-2023-36638

    An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID. (CVSS:4.3) (EPSS:0.05%) (Last Update:2023-09-15 15:13:20)

  • Fortinet Vulnerability – CVE-2023-36642

    An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. (CVSS:7.8) (EPSS:0.04%) (Last Update:2023-09-15 14:42:46)

  • Fortinet Vulnerability – CVE-2023-40715

    A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device. (CVSS:5.5) (EPSS:0.04%) (Last Update:2023-09-15 14:41:41)

  • Fortinet Vulnerability – CVE-2023-27998

    A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths. (CVSS:5.3) (EPSS:0.05%) (Last Update:2023-09-15 14:57:42)

  • Fortinet Vulnerability – CVE-2023-29183

    An improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting. (CVSS:8.0) (EPSS:0.05%) (Last Update:2023-09-15 13:23:52)

  • Fortinet Vulnerability – CVE-2023-36635

    An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2, 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. (CVSS:7.1) (EPSS:0.05%) (Last Update:2023-09-12 14:26:22)

  • Aruba Networks Vulnerability – CVE-2023-38486

    A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images. (CVSS:7.7) (EPSS:0.04%) (Last Update:2023-09-15 17:39:44)

  • Aruba Networks Vulnerability – CVE-2023-38484

    Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise. (CVSS:8.0) (EPSS:0.04%) (Last Update:2023-09-15 14:19:09)

  • Aruba Networks Vulnerability – CVE-2023-38485

    Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise. (CVSS:8.0) (EPSS:0.04%) (Last Update:2023-09-15 17:40:15)

  • Aruba Networks Vulnerability – CVE-2023-37436

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:6.5) (EPSS:0.05%) (Last Update:2023-08-29 13:19:12)

  • Aruba Networks Vulnerability – CVE-2023-37437

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:6.5) (EPSS:0.05%) (Last Update:2023-08-29 13:32:28)

  • Aruba Networks Vulnerability – CVE-2023-37438

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:6.5) (EPSS:0.05%) (Last Update:2023-08-29 15:07:36)

  • Aruba Networks Vulnerability – CVE-2023-37439

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:6.1) (EPSS:0.05%) (Last Update:2023-08-29 15:12:01)

  • Aruba Networks Vulnerability – CVE-2023-37440

    A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information. (CVSS:5.5) (EPSS:0.07%) (Last Update:2023-08-29 15:25:41)

  • Aruba Networks Vulnerability – CVE-2023-37429

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:8.1) (EPSS:0.06%) (Last Update:2023-08-29 20:23:34)

  • Aruba Networks Vulnerability – CVE-2023-37430

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:8.1) (EPSS:0.06%) (Last Update:2023-08-29 20:23:57)

  • Aruba Networks Vulnerability – CVE-2023-37431

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:8.1) (EPSS:0.06%) (Last Update:2023-08-29 20:26:40)

  • Aruba Networks Vulnerability – CVE-2023-37432

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:8.1) (EPSS:0.06%) (Last Update:2023-08-29 20:26:54)

  • Aruba Networks Vulnerability – CVE-2023-37433

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:8.1) (EPSS:0.06%) (Last Update:2023-08-29 20:27:06)

  • Aruba Networks Vulnerability – CVE-2023-37434

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:8.1) (EPSS:0.06%) (Last Update:2023-08-29 20:27:14)

  • Aruba Networks Vulnerability – CVE-2023-37435

    Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. (CVSS:6.5) (EPSS:0.05%) (Last Update:2023-08-29 12:58:21)

  • Aruba Networks Vulnerability – CVE-2023-37421

    Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. (CVSS:8.1) (EPSS:0.05%) (Last Update:2023-08-29 17:53:55)

  • Aruba Networks Vulnerability – CVE-2023-37422

    Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. (CVSS:8.1) (EPSS:0.05%) (Last Update:2023-08-29 19:28:28)

  • Aruba Networks Vulnerability – CVE-2023-37423

    Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. (CVSS:8.1) (EPSS:0.05%) (Last Update:2023-08-29 19:44:46)

  • Aruba Networks Vulnerability – CVE-2023-37424

    A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker’s control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. (CVSS:8.1) (EPSS:0.09%) (Last Update:2023-08-29 19:55:51)

  • Aruba Networks Vulnerability – CVE-2023-37425

    A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. (CVSS:8.0) (EPSS:0.06%) (Last Update:2023-08-29 20:18:01)

  • Aruba Networks Vulnerability – CVE-2023-37426

    EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host. (CVSS:7.5) (EPSS:0.05%) (Last Update:2023-08-30 14:21:34)

  • Aruba Networks Vulnerability – CVE-2023-37427

    A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. (CVSS:7.2) (EPSS:0.06%) (Last Update:2023-08-29 20:32:02)

  • Aruba Networks Vulnerability – CVE-2023-37428

    A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. (CVSS:7.2) (EPSS:0.07%) (Last Update:2023-08-29 20:36:16)

  • Fortinet Vulnerability – CVE-2023-29182

    A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections. (CVSS:6.7) (EPSS:0.04%) (Last Update:2023-08-23 15:36:24)

  • Fortinet Vulnerability – CVE-2023-33308

    A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. (CVSS:9.8) (EPSS:0.23%) (Last Update:2023-08-01 20:37:38)

  • Check Point Software Technologies Vulnerability – CVE-2023-28130

    A local user may achieve privilege escalation via the Gaia Portal hostnames page. (CVSS:7.2) (EPSS:0.10%) (Last Update:2023-08-02 20:45:07)

  • Aruba Networks Vulnerability – CVE-2023-35980

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined for the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. (CVSS:9.8) (EPSS:0.20%) (Last Update:2023-08-02 16:23:33)

  • Aruba Networks Vulnerability – CVE-2023-35981

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined for the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. (CVSS:9.8) (EPSS:0.20%) (Last Update:2023-08-02 16:23:10)

  • Aruba Networks Vulnerability – CVE-2023-35982

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined for the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. (CVSS:9.8) (EPSS:0.20%) (Last Update:2023-08-02 16:20:18)

  • Check Point Software Technologies Vulnerability – CVE-2023-28133

    Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via a crafted OpenSSL configuration file. (CVSS:7.8) (EPSS:0.05%) (Last Update:2023-08-01 16:44:45)

  • Palo Alto Networks Vulnerability – CVE-2023-38046

    A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. (CVSS:5.5) (EPSS:0.07%) (Last Update:2023-07-20 17:24:38)

  • Palo Alto Networks Vulnerability – CVE-2023-38046

    A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. (CVSS:0.0) (Last Update:2023-07-20)

  • Fortinet Vulnerability – CVE-2023-28001

    An insufficient session expiration in Fortinet FortiOS 7.0.0 – 7.0.12 and 7.2.0 – 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API. (CVSS:9.8) (EPSS:0.09%) (Last Update:2023-07-18 20:59:51)

  • Fortinet Vulnerability – CVE-2023-25606

    An improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability [CWE-23] in the FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, and 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. (CVSS:6.5) (Last Update:2023-07-20 17:05:20)

  • Fortinet Vulnerability – CVE-2023-23777

    An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, and version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted CLI backup parameters. (CVSS:0.0) (Last Update:2023-07-18)

  • Aruba Networks Vulnerability – CVE-2023-35976

    Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user’s existing privilege level. (CVSS:6.5) (EPSS:0.05%) (Last Update:2023-07-11 19:26:15)

  • Aruba Networks Vulnerability – CVE-2023-35977

    Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user’s existing privilege level. (CVSS:6.5) (EPSS:0.05%) (Last Update:2023-07-11 19:28:16)

  • Aruba Networks Vulnerability – CVE-2023-35978

    A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. (CVSS:6.1) (EPSS:0.06%) (Last Update:2023-07-11 11:52:38)

  • Aruba Networks Vulnerability – CVE-2023-35979

    There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller. (CVSS:7.5) (EPSS:0.05%) (Last Update:2023-07-11 17:49:51)

  • Aruba Networks Vulnerability – CVE-2023-35974

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. (CVSS:7.2) (Last Update:2023-07-11 18:21:21)

  • Aruba Networks Vulnerability – CVE-2023-35975

    An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. (CVSS:8.1) (Last Update:2023-07-11 19:21:44)

  • Aruba Networks Vulnerability – CVE-2023-35971

    A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. (CVSS:8.8) (Last Update:2023-07-11 17:38:32)

  • Aruba Networks Vulnerability – CVE-2023-35972

    An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. (CVSS:7.2) (Last Update:2023-07-10 23:48:12)

  • Aruba Networks Vulnerability – CVE-2023-35973

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. (CVSS:7.2) (Last Update:2023-07-11 00:50:42)

  • Fortinet Vulnerability – CVE-2023-33299

    A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note that FortiNAC versions 8.x will not be fixed. (CVSS:9.8) (EPSS:0.20%) (Last Update:2023-07-03 18:59:42)

  • Fortinet Vulnerability – CVE-2023-33307

    A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, and FortiProxy before 7.2.3 and before 7.0.9, allows an attacker to cause a denial of service of the SSL-VPN service via a specifically crafted request in the network parameter. (CVSS:6.5) (EPSS:0.04%) (Last Update:2023-06-23 21:27:27)

  • Fortinet Vulnerability – CVE-2023-33306

    A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, and FortiProxy before 7.2.4 and before 7.0.10, allows an attacker to cause a denial of service of the SSL-VPN service via a specifically crafted request in the bookmark parameter. (CVSS:6.5) (EPSS:0.04%) (Last Update:2023-06-23 21:27:40)

  • Palo Alto Networks Vulnerability – CVE-2023-0009

    A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. (CVSS:7.8) (EPSS:0.04%) (Last Update:2023-07-31 21:15:10)