PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An insufficient session expiration vulnerability in FortiIsolator may allow an attacker to reuse the unexpired admin user ...

FortiIsolator 2.0.0
Jan 21, 2021 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-20-011 CVE-2020-6649
An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow a remote authenticated ...

FortiOS 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
Jan 04, 2021 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-20-103 CVE-2020-29010
A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary...

Jan 04, 2021 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-20-124 CVE-2020-29015
A stack-based buffer overflow vulnerability in FortiWeb may allow a remote, unauthenticated attacker to crash the httpd da...

Jan 04, 2021 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-20-126 CVE-2020-29019
A format string vulnerability in FortiWeb may allow an authenticated, remote attacker to read the content of memory and re...

Jan 04, 2021 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-20-123 CVE-2020-29018