PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually tests Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams, and serious issues are described along with protective solutions in the advisories below.

Multiple padding Oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS...

Feb 25, 2020 Risk IR Number: FG-IR-19-145
An improper input validation vulnerability in FortiOS admin webUI may allow an attacker to perform a URL redirect attack via...

FortiOS 5.4, 5.6, 6.0, 6.2
Feb 18, 2020 Risk IR Number: FG-IR-19-179
An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform...

FortiManager 5.6, 6.0, 6.2
Feb 13, 2020 Risk IR Number: FG-IR-19-191
FortiGate models which do not contain an embedded TRNG may suffer from insufficient entropy ("seed") in the CTR DRBG random data...

Feb 13, 2020 Risk IR Number: FG-IR-19-186
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary...

FortiAP 5.6, 6.0, 6.2
Feb 10, 2020 Risk IR Number: FG-IR-19-209
An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause web service portal denial...

FortiAnalyzer 5.6, 6.0, 6.2 FortiAP 6.0, 6.2 FortiManager 5.6, 6.0, 6.2 FortiOS 6.0, 6.2 FortiSwitch 6.0, 6.2
Feb 03, 2020 Risk IR Number: FG-IR-19-013