June
(1)
Refine Search
PSIRT Advisories
The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.
An information exposure vulnerability in FortiOS WEB UI may allow an unauthenticated attacker to gain platform information such...
FortiOS by default enables TCP timestamp response, which may lead to information disclosure.The TCP timestamp response can be...
An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive...
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of...
A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom.
The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname of the...
A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via specifically...
The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number.
The HTML source code of the FortiWeb SNMPv3 user edit webui page includes the user's password in cleartext.
The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message.
An attacker...