PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiClient for Windows could be subject to the following shut down or tampering attempts: a) User Interface or Command Line shut...

Oct 18, 2019 Risk IR Number: FG-IR-19-148
Multiple information exposure vulnerabilities in FortiOS may allow an unauthenticated attacker to perform some information gathering...

Oct 18, 2019 Risk IR Number: FG-IR-19-043
An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated attacker...

Oct 08, 2019 Risk IR Number: FG-IR-19-100
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized...

Sep 23, 2019 Risk IR Number: FG-IR-19-072
Some models of FortiAnalyzer and FortiManager have a default setting of "Failover" for remote IPMI access; this means that if...

Sep 17, 2019 Risk IR Number: FG-IR-17-195
Improper implementations of the HTTP/2 protocol can lead to a variety of denial-of-service (DoS) attacks. The related CVEs are: CVE-2019-9511,...

Sep 03, 2019 Risk IR Number: FG-IR-19-225
An Improper Authorization vulnerability in the SSL VPN web portal may allow an unauthenticated attacker to change the password...

Aug 30, 2019 Risk IR Number: FG-IR-18-389
11 zero-day vulnerabilities (aka URGENT/11) were disclosed in VxWorks® TCP/IP stack (IPnet): CVE-2019-12255 - TCP Urgent Pointer...

Aug 26, 2019 Risk IR Number: FG-IR-19-222
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious userspace...

Aug 26, 2019 Risk IR Number: FG-IR-18-002
Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS) attack...

Aug 21, 2019 Risk IR Number: FG-IR-19-034
A Use of Hard-coded Credentials vulnerability in FortiRecorder may allow an unauthenticated attacker with knowledge of the aforementioned...

Aug 12, 2019 Risk IR Number: FG-IR-19-185
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive...

Jul 26, 2019 Risk IR Number: FG-IR-19-037
FortiOS Explicit Web Proxy by default allows non-standard HTTP traffic. FortiOS SSL/SSH Inspection Profile by default allows non-standard...

Jul 24, 2019 Risk IR Number: FG-IR-19-111
Multiple Fortinet products may be affected by the following Linux Kernel vulnerability: CVE-2016-10229 Linux Kernel ipv4/udp.c...

Jul 24, 2019 Risk IR Number: FG-IR-17-118
FortiOS by default enables TCP timestamp response, which may lead to information disclosure. The TCP timestamp response can be...

Jul 24, 2019 Risk IR Number: FG-IR-16-090