PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie f...

Apr 23, 2019 Risk IR Number: FG-IR-19-110
A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a...

FortiManager 5.4.1, 5.4.0, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
Apr 23, 2019 Risk IR Number: FG-IR-18-051 CVE-2018-1360
Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiF...

FortiAP-S 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.3, 5.6.2, 5.6.1, 5.6.0
FortiAP-W2 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.3, 5.6.2, 5.6.1, 5.6.0
Apr 10, 2019 Risk IR Number: FG-IR-18-356 CVE-2018-16986
FortiSwitch is vulnerable to multiple Cross-site Scripting (XSS) attacks present in the jQuery JavaScript library CVE-2015-...

Apr 10, 2019 Risk IR Number: FG-IR-18-013 CVE-2015-9251
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing sett...

FortiOS 6.0.2, 6.0.1, 6.0.0, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.10, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.19, 4.3.18, 4.3.17, 4.3.16, 4.3.15, 4.3.14, 4.3.13, 4.3.12, 4.3.11, 4.3.10, 4.3.1, 4.3.0, 4.2.9, 4.2.8, 4.2.7, 4.2.6, 4.2.5, 4.2.4, 4.2.3, 4.2.2, 4.2.16, 4.2.15, 4.2.14, 4.2.13, 4.2.12, 4.2.11, 4.2.10, 4.2.1, 4.2.0, 4.1.9, 4.1.8, 4.1.7, 4.1.6, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.11, 4.1.10, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Apr 04, 2019 Risk IR Number: FG-IR-18-230 CVE-2018-13371
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox may allow an attacker to execute unauthorize...

FortiSandbox 2.5.2, 2.5.1, 2.5.0, 2.4.1, 2.4.0
Apr 03, 2019 Risk IR Number: FG-IR-18-024 CVE-2018-1356
An improper access control vulnerability in FortiClientMac may allow an attacker to affect the application's performance v...

FortiClientMac 6.0.4, 6.0.3, 6.0.2, 6.0.1
Apr 02, 2019 Risk IR Number: FG-IR-19-003 CVE-2019-5585