PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

A privilege escalation vulnerability in FortiClient for Linux may allow a user with low privilege to run root system comma...

Jan 27, 2020 Risk IR Number: FG-IR-19-238
Makers of popular WiFi hacking tool hashcat have discovered a way to improve password brute-forcing of the WPA/WPA2 wifi n...

Jan 27, 2020 Risk IR Number: FG-IR-18-199
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule...

Jan 27, 2020 Risk IR Number: FG-IR-19-197
A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH...

Jan 15, 2020 Risk IR Number: FG-IR-19-296
A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database ...

FortiSIEM 5.0, 5.1, 5.2
Jan 13, 2020 Risk IR Number: FG-IR-19-195
An improper neutralization of input during web page generation in FortiAuthenticator Agent for Outlook Web Access may allo...

Jan 06, 2020 Risk IR Number: FG-IR-19-104
Multiple vulnerabilities, referred to as Dragonblood, exist in WiFi WPA3 standard implementation .Dragonblood vulnerabilit...

Jan 03, 2020 Risk IR Number: FG-IR-19-107
Two improper access control vulnerabilities in FortiMail admin webUI may allow administrators to perform privileged functi...

Jan 03, 2020 Risk IR Number: FG-IR-19-237
A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted H...

FortiGate 5.4, 5.6, 6.0
Jan 03, 2020 Risk IR Number: FG-IR-19-002