Fortinet Product Security Incident Response Team (PSIRT) Contact Form

Vulnerabilities in Fortinet PSIRT scope include any design or implementation issue that substantially affects the confidentiality or integrity of the product and/or impacts user security is likely to be in scope of PSIRT. Common examples include:

  • Undisclosed device access methods
  • Hardcoded or undocumented account credentials
  • Undocumented traffic diversion
  • Cross-site scripting
  • Cross-site request forgery
  • Mixed-content scripts
  • Authentication or authorization flaws
  • Server-side code execution bugs
  • Bypass of security feature (Bypass of AV/IPS engine)

Fortinet considers such product behaviors to be serious vulnerabilities. Fortinet will address any issues of these nature with the highest priority and encourages all parties to report suspected vulnerabilities to the Fortinet PSIRT for immediate investigation. Internal and external reports of these vulnerabilities will be managed and disclosed under the terms of the Fortinet Security Vulnerability Policy.

Please report non-product issues related to our corporate website or other Fortinet internal systems such as email etc at: Fortinet Corporate Security Incident Response Team (CSIRT) Contact Form.

Please include following information:
  • What is the starting position the attacker is in?
  • Can the attack be achieved using this vulnerability alone or in combination with others?
  • What are the assumption about the environment within which the target operates?
  • What are the prerequisites for the attack? etc.
Note: We expect the vulnerability to have a valid attack scenario and consider it a critical step when doing vulnerability research.
Please include any artifact that might be helpful for us such as request/response; network traces or captures for web vulnerabilities, debug traces for low level vulnerabilities; device configuration if it’s a feature bypass etc.

Max file size: 10M bytes

Please indicate the person(s) who report this vulnerability.
Please select all the values to calculate the CVSS 3.1 score of this vulnerability