Filter by Date
- 2021
  - 4 05-2021
  - 4 04-2021
  - 4 03-2021
  - 4 02-2021
  - 8 01-2021
- 2020
  - 3 12-2020
  - 2 11-2020
  - 4 10-2020
  - 8 09-2020
  - 2 07-2020
  - 12 06-2020
  - 4 05-2020
  - 4 04-2020
  - 10 03-2020
  - 6 02-2020
  - 9 01-2020
- 2019
  - 1 12-2019
  - 12 11-2019
  - 4 10-2019
  - 3 09-2019
  - 5 08-2019
  - 6 07-2019
  - 2 06-2019
  - 3 05-2019
  - 7 04-2019
  - 1 03-2019
  - 1 02-2019
  - 2 01-2019
- 2018
  - 1 12-2018
  - 5 11-2018
  - 8 08-2018
  - 2 07-2018
  - 5 06-2018
  - 5 05-2018
  - 3 04-2018
  - 1 03-2018
  - 2 01-2018
- 2017
  - 3 12-2017
  - 6 11-2017
  - 8 10-2017
  - 1 09-2017
  - 2 08-2017
  - 2 07-2017
  - 2 06-2017
  - 2 05-2017
  - 12 04-2017
  - 2 02-2017
- 2016
  - 1 12-2016
  - 5 11-2016
  - 1 10-2016
  - 6 09-2016
  - 6 08-2016
  - 3 07-2016
  - 1 06-2016
  - 2 05-2016
  - 1 04-2016
  - 2 03-2016
  - 1 02-2016
  - 1 01-2016
- 2015
  - 2 12-2015
  - 2 09-2015
  - 6 07-2015
  - 1 06-2015
  - 2 05-2015
  - 3 04-2015
  - 2 03-2015
  - 5 02-2015
  - 1 01-2015
- 2014
  - 1 12-2014
  - 3 10-2014
  - 1 09-2014
  - 1 08-2014
  - 1 07-2014
  - 1 06-2014
  - 1 05-2014
  - 3 04-2014
  - 3 02-2014
  - 1 01-2014
- 2013
  - 1 12-2013
  - 1 11-2013
  - 1 07-2013
  - 1 06-2013
  - 1 05-2013
  - 1 01-2013
- 2012
  - 2 12-2012
  - 2 10-2012
  - 1 09-2012
  - 1 08-2012
  - 1 05-2012
  - 1 02-2012
Filter by Risk
- 18
- 39
- 160
- 63
- 11
Filter by Affected Product
- All
- 7 FortiAnalyzer
- 6 FortiManager
- 6 FortiOS
- 5 FortiAP
- 3 FortiClient
- 3 FortiGate
- 3 FortiSwitch
- 2 FortiIsolator
- 2 FortiSIEM
- 2 FortiWeb

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2021: May, Apr, Mar, Feb, Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiAI - OS command injection due to improper input sanitization

An improper input validation in FortiAI v1.4.0 may allow an authenticated user to gain system shell access via a malicious...

May 05, 2021 Risk

IR Number: FG-IR-21-033

Hardcoded root password in Meru AP

A use of hard-coded password vulnerability in Meru AP may allow a remote authenticated attacker to access the system as ro...

May 05, 2021 Risk

IR Number: FG-IR-20-147

Privilege Escalation observed in FortiNAC by exploiting the SUDO privileges

A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root by abusing the...

May 05, 2021 Risk

IR Number: FG-IR-20-038

XSS vulnerability in FortiProxy SSLVPN Portal

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy may allow a remote auth...

May 05, 2021 Risk

IR Number: FG-IR-20-226

Authentication bypass in FortiWAN

A relative path traversal vulnerability (CWE-23) in FortiWAN may allow a remote non-authenticated attacker to delete files...

Apr 27, 2021 Risk

IR Number: FG-IR-21-048

Clear-text insertion of user's passwords into log files

A clear text storage of sensitive information into log file vulnerability in FortiADCManager and FortiADC may allow a remo...

Apr 06, 2021 Risk

IR Number: FG-IR-19-244

FortiProxy - HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability

A stack-based buffer overflow vulnerability in the HTTPD daemon of FortiProxy may allow an authenticated remote attacker t...

Apr 06, 2021 Risk

IR Number: FG-IR-21-007

The password configured in the FortiWeb's Web Vulnerability Scan profile is visible in cleartext.

An information disclosure vulnerability in FortiWeb's Web Vulnerability Scan profile may allow a remote authenticated atta...

Apr 06, 2021 Risk

IR Number: FG-IR-20-076

FortiProxy multiple pre-auth XSS vulnerabilities on SSL VPN

An Improper Neutralization of Input During Web Page Generation in the SSL VPN portal of FortiProxy may allow an unauthenti...

Mar 02, 2021 Risk

IR Number: FG-IR-20-230

FortiProxy SSL VPN user credential plaintext storage

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiProxy SSL VPN may allow an attacker to retrieve a...

Mar 02, 2021 Risk

IR Number: FG-IR-20-224

FortiProxy SSL-VPN Improper Access Control vulnerability through the Quick connection functionality

An improper access control vulnerability in FortiProxy SSL VPN portal may allow an authenticated, remote attacker to acces...

Mar 02, 2021 Risk

IR Number: FG-IR-20-235

Potential sensitive information can be displayed in cleartext in FortiProxy CLI window

A cleartext storage of sensitive information vulnerability in FortiProxy command line interface may allow an authenticated...

Mar 02, 2021 Risk

IR Number: FG-IR-20-236

XSS vulnerability in the Security Profiles comments section in FortiGate Cloud

An improper neutralization of input vulnerability in FortiGate Cloud may allow a remote authenticated attacker to perform ...

Feb 24, 2021 Risk

IR Number: FG-IR-20-193

XSS vulnerability in FortiWeb

An improper neutralization of input during web page generation in FortiWeb GUI interface may allow an unauthenticated, rem...

Feb 03, 2021 Risk

IR Number: FG-IR-20-122

Buffer overflow vulnerability in FortiProxy SSL VPN through a crafted POST request

A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perfo...

Feb 03, 2021 Risk

IR Number: FG-IR-20-232

Refine

PSIRT Advisories

Monthly PSIRT Advisories