PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

When traffic other than HTTP/S (e.g., SSH traffic, etc.) traverses the FortiGate on port 80/443, it is not redirected to t...

FortiOS 6.2.4
Jan 21, 2021 Risk IR Number: FG-IR-20-172 CVE-2020-15938
An insufficient session expiration vulnerability in FortiIsolator may allow an attacker to reuse the unexpired admin user ...

FortiIsolator 2.0.0
Jan 21, 2021 Risk IR Number: FG-IR-20-011 CVE-2020-6649
An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow a remote authenticated ...

FortiOS 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
Jan 04, 2021 Risk IR Number: FG-IR-20-103 CVE-2020-29010
A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary...

Jan 04, 2021 Risk IR Number: FG-IR-20-124 CVE-2020-29015
A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated, remote attacker to overwrite the con...

Jan 04, 2021 Risk IR Number: FG-IR-20-125 CVE-2020-29016
A stack-based buffer overflow vulnerability in FortiWeb may allow a remote, unauthenticated attacker to crash the httpd da...

Jan 04, 2021 Risk IR Number: FG-IR-20-126 CVE-2020-29019
A format string vulnerability in FortiWeb may allow an authenticated, remote attacker to read the content of memory and re...

Jan 04, 2021 Risk IR Number: FG-IR-20-123 CVE-2020-29018
An OS command injection vulnerability in FortiDeceptor may allow a remote authenticated attacker to execute arbitrary comm...

Jan 04, 2021 Risk IR Number: FG-IR-20-177 CVE-2020-29017