PSIRT Advisories
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
During the RSA conference of February 26th 2020, researchers Štefan Svorenčík and Robert Lipovský disclosed a vulnerability in...
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnalyzer...
FortiAnalyzer 6.0, 6.2
FortiManager 6.0, 6.2
FortiOS 6.0, 6.2
Jun 30, 2020
Use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may allow...
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain...
An improper neutralization of input vulnerability in FortiManager GUI may allow an authenticated attacker to perform an XSS (Cross...
An improper neutralization of input vulnerability in the FortiADC may allow an attacker to execute a stored Cross Site Scripting...
FortiGate models which do not contain an embedded TRNG may suffer from insufficient entropy ("seed") in the CTR DRBG random data...
A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access...
A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP...
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may allow...
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restoring modified...
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive...
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious userspace...
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie from...
A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man...