PSIRT Advisories
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
FortiGate may fail to record traffic destined to Fortinet owned IP addresses i.e. traffic destined to the following subnets: 173.243.128.0/20,...
An information exposure vulnerability in FortiOS WEB UI may allow an unauthenticated attacker to gain platform information such...
FortiOS by default enables TCP timestamp response, which may lead to information disclosure.The TCP timestamp response can be...
An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive...
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of...
A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom.
The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname of the...
A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via specifically...
The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number.
The HTML source code of the FortiWeb SNMPv3 user edit webui page includes the user's password in cleartext.
The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message.
An attacker...