Refine


Filter by Date:
All
2021
Filter by Risk Level:
All

PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiADC-E remote network access vulnerability
Oct 21, 2014 Risk IR Number: FG-IR-14-032
SSL v3 "POODLE" Vulnerability
Oct 15, 2014 Risk IR Number: FG-IR-14-031
Remote Exploit Vulnerability in Bash - (Shellshock)
Sep 25, 2014 Risk IR Number: FG-IR-14-030
FortiGate Vulnerabilities in FortiManager Service
A temporary denial of service condition can be created using a specially crafted request sent to the FortiManager protocol service...
Aug 19, 2014 Risk IR Number: FG-IR-14-006
FortiWeb Cross-Site Scripting Vulnerabilities
FortiWeb 5.0, 5.1 and 5.2.0 are vulnerable to multiple reflective cross-site scripting issues. Several parameters in the web management...
Jul 10, 2014 Risk IR Number: FG-IR-14-012
Multiple Vulnerabilities in OpenSSL
The OpenSSL project released an advisory on June 5th, 2014, which describes the following vulnerabilities: SSL/TLS MITM vulnerability...
Jun 06, 2014 Risk IR Number: FG-IR-14-018
FortiWeb Cross-Site Request Forgery Vulnerability
Multiple CSRF vulnerabilities exist in the FortiWeb web administration console due to lack of CSRF token protection. This could...
May 02, 2014 Risk IR Number: FG-IR-14-013
Information Disclosure Vulnerability in OpenSSL (Heartbleed)
An information disclosure vulnerability has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This vulnerability may allow...
Apr 08, 2014 Risk IR Number: FG-IR-14-011
FortiADC Cross-Site Scripting Vulnerability
The web administration interface on FortiADC D-series versions 3.2.0 and lower have a reflective cross-site scripting vulnerability...
Apr 03, 2014 Risk IR Number: FG-IR-14-004
FortiBalancer Remote SSH Vulnerability
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to...
Apr 02, 2014 Risk IR Number: FG-IR-14-010
FortiWeb Multiple Vulnerabilities
FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and privilege...
Feb 13, 2014 Risk IR Number: FG-IR-13-009
FortiGate Cross-Site Scripting Vulnerability
FortiOS 5.0.5 and earlier versions contain a cross-site scripting vulnerability. The mkey parameter in the URL /firewall/schedule/recurrdlg...
Feb 03, 2014 Risk IR Number: FG-IR-14-003
FortiWeb Cross-Site Scripting Vulnerability
Fortiweb 5.0.3 and earlier versions contain a cross-site scripting vulnerability. The filter parameter in the URL "/user/ldap_user/add"...
Feb 03, 2014 Risk IR Number: FG-IR-14-002
FortiWeb Stored Cross-Site Scripting Vulnerability
Authenticated administrative users can store injected Javascript content into a specific field on the web management interface....
Jan 17, 2014 Risk IR Number: FG-IR-14-001
FortiAuthenticator Privilege Escalation Vulnerability
Authenticated admin users may be able to obtain access to a system shell from the command line interface.
Dec 13, 2013 Risk IR Number: FG-IR-13-016