PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An improper access control vulnerability exists in FortiAnalyzer and FortiManager, whereby a regular user of the GUI can edit...

Jun 22, 2018 Risk IR Number: FG-IR-18-014
A potential Cross-site Scripting (XSS) vulnerability exists in FortiManager: Displayed data is not sanitized when an administrator...

Jun 22, 2018 Risk IR Number: FG-IR-18-006
Multiple Denial of Service (DoS) or process crash vulnerabilities (CVE-2018-5737, CVE-2018-5736) are affecting ISC BIND.

Jun 05, 2018 Risk IR Number: FG-IR-18-112
On FortiAuthenticator, an HTML page is returned to the user when the CSRF validation fails on referer mismatch. This page displays...

May 29, 2018 Risk IR Number: FG-IR-18-059
An SSL VPN user logged in via the web portal can access internal FortiOS configuration information (e.g., addresses) via specifically...

May 18, 2018 Risk IR Number: FG-IR-17-231
An admin user with super_admin privileges can execute an arbitrary binary contained on a USB drive plugged into a FortiGate, via...

May 18, 2018 Risk IR Number: FG-IR-17-245
US-CERT published a document at https://www.us-cert.gov/ncas/alerts/TA17-075A which outlines some security flaws that may be introduced...

May 16, 2018 Risk IR Number: FG-IR-17-160
FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had read/write...

May 04, 2018 Risk IR Number: FG-IR-17-274
In certain conditions, FortiClient users' VPN credentials are stored in improperly secured locations and unsafely encrypted. [CVE-2017-14184] When...

Apr 20, 2018 Risk IR Number: FG-IR-17-214
A collection of AMD vulnerabilities known as "Ryzenfall, Fallout, Chimera, Masterkey" has been released. Attackers in possession...

FortiAnalyzer FortiAP 5.2, 5.6 FortiOS 5.2, 4.2 FortiSwitch
Apr 13, 2018 Risk IR Number: FG-IR-18-046
A new side-channel attack that takes advantage of the speculative execution feature of modern processors to recover data from...

Apr 03, 2018 Risk IR Number: FG-IR-18-067
An improper access control vulnerability in FortiWeb's Signed Security mode may allow an attacker to disable the cookie tampering...

Mar 06, 2018 Risk IR Number: FG-IR-17-279
The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user...

Jan 22, 2018 Risk IR Number: FG-IR-17-262
Intel recently released a security update (Intel-SA-00086), regarding Intel ME 11.x, SPS 4.0, and TXE 3.0 Intel products. The following...

Jan 04, 2018 Risk IR Number: FG-IR-17-271
When the "VPN before logon" feature of FortiClient Windows is enabled (disabled by default), and when the server certificate is...

Dec 13, 2017 Risk IR Number: FG-IR-17-070