PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated...

FortiSIEM 5.2.5
Mar 12, 2020 Risk IR Number: FG-IR-19-240 CVE-2019-17653

An improper neutralization of input vulnerability in FortiManager GUI may allow an authenticated attacker to perform an XS...

FortiManager 6.2.1
Mar 11, 2020 Risk IR Number: FG-IR-19-271 CVE-2019-16158

An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being ...

FortiWeb 6.2.0
Mar 11, 2020 Risk IR Number: FG-IR-19-269 CVE-2019-16157

Multiple unsafe search path vulnerabilities in FortiClient online installers may allow an attacker with control over the d...

Mar 09, 2020 Risk IR Number: FG-IR-19-060 CVE-2019-5589

An improper neutralization of input vulnerability in the FortiADC may allow an attacker to execute a stored Cross Site Scr...

FortiADC 5.3.3, 5.3.2, 5.3.1
Mar 09, 2020 Risk IR Number: FG-IR-19-220 CVE-2019-6699

An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a store...

FortiWeb 6.3.0, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.9.1, 5.9.0
Mar 09, 2020 Risk IR Number: FG-IR-20-001 CVE-2020-6646

An unquoted service path vulnerability in the FortiClient FortiTray component may allow an attacker to gain elevated privi...

FortiClientWindows 6.2.2
Mar 09, 2020 Risk IR Number: FG-IR-19-281 CVE-2019-17658

Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may all...

Mar 09, 2020 Risk IR Number: FG-IR-19-258 CVE-2020-6641

An improper neutralization of input vulnerability in the URL Description of FortiIsolator may allow a remote authenticated...

FortiIsolator 1.2.2
Mar 09, 2020 Risk IR Number: FG-IR-19-270 CVE-2020-6643

An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauth...

FortiWeb 6.2.1, 6.2.0, 6.1.1
Mar 09, 2020 Risk IR Number: FG-IR-19-265 CVE-2019-16156