PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.


Feb 05, 2015 Risk IR Number: FG-IR-15-003

Feb 05, 2015 Risk IR Number: FG-IR-15-002

Jan 28, 2015 Risk IR Number: FG-IR-15-001

Dec 18, 2014 Risk IR Number: FG-IR-14-034
Prior to version 5.0.7, the Web User Interface of FortiManager and FortiAnalyzer is vulnerable to multiple reflected Cross-Site...

Oct 30, 2014 Risk IR Number: FG-IR-14-033

Oct 21, 2014 Risk IR Number: FG-IR-14-032

Oct 15, 2014 Risk IR Number: FG-IR-14-031

Sep 25, 2014 Risk IR Number: FG-IR-14-030
A temporary denial of service condition can be created using a specially crafted request sent to the FortiManager protocol service...

Aug 19, 2014 Risk IR Number: FG-IR-14-006
FortiWeb 5.0, 5.1 and 5.2.0 are vulnerable to multiple reflective cross-site scripting issues. Several parameters in the web management...

Jul 10, 2014 Risk IR Number: FG-IR-14-012
The OpenSSL project released an advisory on June 5th, 2014, which describes the following vulnerabilities: SSL/TLS MITM vulnerability...

Jun 06, 2014 Risk IR Number: FG-IR-14-018
Multiple CSRF vulnerabilities exist in the FortiWeb web administration console due to lack of CSRF token protection. This could...

May 02, 2014 Risk IR Number: FG-IR-14-013
An information disclosure vulnerability has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This vulnerability may allow...

Apr 08, 2014 Risk IR Number: FG-IR-14-011
The web administration interface on FortiADC D-series versions 3.2.0 and lower have a reflective cross-site scripting vulnerability...

Apr 03, 2014 Risk IR Number: FG-IR-14-004
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to...

Apr 02, 2014 Risk IR Number: FG-IR-14-010