PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow a remote authenticated attacker...

Jan 04, 2021 Risk IR Number: FG-IR-20-103
A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL...

Jan 04, 2021 Risk IR Number: FG-IR-20-124
A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated, remote attacker to overwrite the content...

Jan 04, 2021 Risk IR Number: FG-IR-20-125
A stack-based buffer overflow vulnerability in FortiWeb may allow a remote, unauthenticated attacker to crash the httpd daemon...

Jan 04, 2021 Risk IR Number: FG-IR-20-126
A format string vulnerability in FortiWeb may allow an authenticated, remote attacker to read the content of memory and retrieve...

Jan 04, 2021 Risk IR Number: FG-IR-20-123
An OS command injection vulnerability in FortiDeceptor may allow a remote authenticated attacker to execute arbitrary commands...

Jan 04, 2021 Risk IR Number: FG-IR-20-177
FortiClient and FortiOS AV engines may not immediately detect certain types of malformed or non-standard RAR archives, potentially...

Dec 01, 2020 Risk IR Number: FG-IR-20-037
During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in...

Dec 01, 2020 Risk IR Number: FG-IR-20-035
An improper neutralization of input vulnerability in FortiGate may allow a remote attacker to perform a stored cross site...

FortiOS 6.2, 6.4
Dec 01, 2020 Risk IR Number: FG-IR-20-068
A cleartext storage of sensitive information in GUI in FortiADC may allow a remote authenticated attacker to retrieve some sensitive...

Nov 03, 2020 Risk IR Number: FG-IR-20-044
An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker...

Nov 03, 2020 Risk IR Number: FG-IR-20-105
A cleartext storage of sensitive information vulnerability in FortiOS command line interface may allow an authenticated attacker...

Oct 19, 2020 Risk IR Number: FG-IR-20-009
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux may allow local users to elevate...

Oct 19, 2020 Risk IR Number: FG-IR-20-110
The Apache project released an advisory on August 7th 2020, which describes the following vulnerabilities: 1) CVE-2020-9490 Apache...

Oct 05, 2020 Risk IR Number: FG-IR-20-128
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS may allow an authenticated remote attacker to crash...

Oct 01, 2020 Risk IR Number: FG-IR-19-248