PSIRT Advisories
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An OS command injection vulnerability in FortiDeceptor may allow a remote authenticated attacker to execute arbitrary commands...
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux may allow local users to elevate...
The Apache project released an advisory on August 7th 2020, which describes the following vulnerabilities:1) CVE-2020-9490 Apache...
Makers of popular WiFi hacking tool hashcat have discovered a way to improve password brute-forcing of the WPA/WPA2 wifi network...
Two improper access control vulnerabilities in FortiMail admin webUI may allow administrators to perform privileged functions...
TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479
CVE-2019-11477:The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCP_SKB_CB(skb)->tcp_gso_segs. A...
A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for logged...
A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system...
Some models of FortiAnalyzer and FortiManager have a default setting of "Failover", for remote IPMI access; this means that if...
An Improper Authorization vulnerability in the SSL VPN web portal may allow an unauthenticated attacker to change the password...
11 zero day vulnerabilities (aka. URGENT/11) were disclosed in VxWorks® TCP/IP stack (IPnet):CVE-2019-12255 - TCP Urgent Pointer...
An Use of Hard-coded Credentials vulnerability in FortiRecorder may allow an unauthenticated attacker with knowledge of the aforementioned...
Multiple Fortinet products may be affected by the following Linux Kernel vulnerability:CVE-2016-10229 Linux Kernel ipv4/udp.c...
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings...
There is a format string vulnerability in the SSH username handling when connecting to FortiOS 5.6.0, that may lead to memory...