CNNVD-202602-768 Information
CNNVD ID
CNNVD-202602-768
Related CVE
- CNNVD Published: 2026-02-05
Description (Chinese)
Fortinet FortiOS是美国飞塔(Fortinet)公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS 7.6.6及之前版本存在安全漏洞,该漏洞源于设备配置文件中存储的LDAP凭据可被解密,可能导致攻击者获取凭据。
Description (English)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform of the United States of America. The system provides a wide range of security features for users, including firewalls, anti-virus, IPSEc/SSLVPN, Web content filters and anti-spam. Fortinet FortiOS 7.6.6 and previous versions have security loopholes, which stem from the fact that LDAPs stored in equipment configuration documents can be decrypted and may lead to evidence being obtained by the attackers.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
飞塔
Published
2026-02-05
Last Modified
2026-02-24
References
https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords https://docs.fortinet.com/document/fortimanager/7.6.6/administration-guide/30332/managing-fortigates-with-private-data-encryption https://vigilance.fr/vulnerability/Fortinet-FortiOS-information-disclosure-via-Decrypt-LDAP-Credentials-49564