Filter by Date
- 2022
  - 7 02-2022
Filter by Severity
- 0 Critical
- 5 High
- 2 Medium
- 0 Low
- 0 Informational
Filter by Affected Product
- All
- 2 FortiWeb
- 1 FortiMail
- 1 FortiAuthenticator
- 1 FortiExtender
- 0 FortiOS
- 0 FortiProxy
- 0 FortiManager
- 0 FortiAnalyzer
- 0 FortiADC
- 0 FortiSandbox
- 0 FortiClientWindows
- 0 FortiPortal
- 0 FortiWAN
- 0 FortiNAC
- 0 FortiSIEM
- 0 FortiClientEMS
- 0 FortiWLC
- 0 FortiClientMac
- 0 FortiAP
- 0 FortiSOAR
- 0 FortiTester
- 0 FortiAP-W2
- 0 FortiSwitch
- 0 FortiWLM
- 0 FortiRecorder
- 0 FortiVoiceEnterprise
- 0 FortiAP-S
- 0 FortiDeceptor
- 0 AscenLink
- 0 FortiAP-U
- 0 FortiClientLinux
- 0 FortiDB
- 0 FortiDDoS
- 0 FortiEDR
- 0 FortiCache
- 0 Meru AP
- 0 FortiADCManager
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiAP-C
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiDDoS-CM
- 0 FortiSwitchManager
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2023: May , Apr , Mar , Feb , Jan
2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiAuthenticator - Improper access control in HA service

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service may allow an attacker on the same vlan...

FortiAuthenticator 6.3.2, 6.3.1, 6.3.0, 6.2.2, 6.2.1, 6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Feb 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Medium IR Number: FG-IR-20-217 CVE-2021-36177

FortiExtender - Arbitrary command execution because of missing CLI input sanitization

An improper neutralization of special elements used in a command vulnerability ('Command Injection') [CWE-77] in FortiExte...

FortiExtender 7.0.1, 7.0.0, 4.2.3, 4.2.2, 4.2.1, 4.2.0, 4.1.7, 4.1.6, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.1

Feb 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-148 CVE-2021-41016

FortiMail - reflected cross-site scripting vulnerability in FortiGuard URI protection

An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in FortiMai...

FortiMail 7.0.1, 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Feb 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Medium IR Number: FG-IR-21-185 CVE-2021-43062

FortiWeb - OS command injection due to direct input interpolation in API controllers

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilityÂ [CWE-78] in F...

FortiWeb 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.9.1, 5.9.0

Feb 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-180 CVE-2021-43073

FortiWeb - OS command injection due to unsafe input validation function

An improper neutralization of special elements used in an OS command vulnerabilityÂ ('OS Command Injection') [CWE-78] in F...

FortiWeb 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Feb 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-166 CVE-2021-41018

FortiWeb - Stack-based buffer overflow in command line interpreter

Multiple stack-based buffer overflows [CWE-121] in the command line interpreter of FortiWeb may allow an authenticated att...

Feb 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-132 CVE-2021-36193

FortiWeb - arbitrary file/directory deletion

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb manag...

Feb 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-158 CVE-2021-42753