PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in...

Dec 01, 2020 Risk IR Number: FG-IR-20-035
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnalyzer...

FortiAnalyzer 6.0, 6.2 FortiManager 6.0, 6.2 FortiOS 6.0, 6.2
Jun 30, 2020 Risk IR Number: FG-IR-19-007
Use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may allow...

FortiClient 6.0, 6.2
Jun 01, 2020 Risk IR Number: FG-IR-19-194
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain...

Apr 06, 2020 Risk IR Number: FG-IR-20-013
An improper neutralization of input vulnerability in FortiManager GUI may allow an authenticated attacker to perform an XSS (Cross...

Mar 11, 2020 Risk IR Number: FG-IR-19-271
An improper neutralization of input vulnerability in the FortiADC may allow an attacker to execute a stored Cross Site Scripting...

FortiADC 5.3
Mar 09, 2020 Risk IR Number: FG-IR-19-220
FortiGate models which do not contain an embedded TRNG may suffer from insufficient entropy ("seed") in the CTR DRBG random data...

Feb 13, 2020 Risk IR Number: FG-IR-19-186
A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access...

Jan 15, 2020 Risk IR Number: FG-IR-19-296
A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP...

FortiGate 5.4, 5.6, 6.0
Jan 03, 2020 Risk IR Number: FG-IR-19-002
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may allow...

Nov 25, 2019 Risk IR Number: FG-IR-19-184
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restoring modified...

Nov 14, 2019 Risk IR Number: FG-IR-17-053
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive...

Nov 08, 2019 Risk IR Number: FG-IR-19-227
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious userspace...

Aug 26, 2019 Risk IR Number: FG-IR-18-002
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie from...

Apr 23, 2019 Risk IR Number: FG-IR-19-110
A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man...

Apr 23, 2019 Risk IR Number: FG-IR-18-051