PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

A cleartext storage of sensitive information in GUI in FortiADC may allow a remote authenticated attacker to retrieve some sensitive...

Nov 03, 2020 Risk IR Number: FG-IR-20-044
An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker...

Nov 03, 2020 Risk IR Number: FG-IR-20-105
A cleartext storage of sensitive information vulnerability in FortiOS command line interface may allow an authenticated attacker...

Oct 19, 2020 Risk IR Number: FG-IR-20-009
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux may allow local users to elevate...

Oct 19, 2020 Risk IR Number: FG-IR-20-110
The Apache project released an advisory on August 7th 2020, which describes the following vulnerabilities: 1) CVE-2020-9490 Apache...

Oct 05, 2020 Risk IR Number: FG-IR-20-128
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS may allow an authenticated remote attacker to crash...

Oct 01, 2020 Risk IR Number: FG-IR-19-248
FortiGate may fail to record traffic destined to Fortinet-owned IP addresses, i.e. traffic destined to the following subnets: 173.243.128.0/20,...

Sep 24, 2020 Risk IR Number: FG-IR-20-033
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiOS may allow a remote...

Sep 24, 2020 Risk IR Number: FG-IR-20-082
Under non-default configuration, a stack-based buffer overflow in FortiGate may allow a remote attacker authenticated to the SSL...

Sep 24, 2020 Risk IR Number: FG-IR-20-083
An improper neutralization of input vulnerability in FortiNAC may allow a remote authenticated attacker to perform a stored cross...

Sep 23, 2020 Risk IR Number: FG-IR-20-002
An improper neutralization of input vulnerability in FortiAnalyzer and FortiTester may allow a remote authenticated attacker to...

Sep 21, 2020 Risk IR Number: FG-IR-20-054
An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being logged...

Sep 18, 2020 Risk IR Number: FG-IR-19-269
An improper neutralization of script-related HTML tags in a web page in FortiManager and FortiAnalyzer may allow an attacker to...

Sep 18, 2020 Risk IR Number: FG-IR-20-005
An improper neutralization of input during web page generation in the SSL VPN portal of FortiOS may allow a remote authenticated...

Sep 16, 2020 Risk IR Number: FG-IR-19-223
On June 16, 2020, cybersecurity researchers from JSOF published a set of 19 vulnerabilities, dubbed Ripple20, that are impacting...

Jul 30, 2020 Risk IR Number: FG-IR-20-104