PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

On FortiAuthenticator, a HTML page is returned to the user when the CSRF validation fails on referer mismatch. This page d...

May 29, 2018 Risk IR Number: FG-IR-18-059 CVE-2018-9186
A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via spec...

FortiOS 5.6.2, 5.6.1, 5.6.0, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0
May 18, 2018 Risk IR Number: FG-IR-17-231 CVE-2017-14185
An admin user with super_admin privileges can execute an arbitrary binary contained on an USB drive plugged to a FortiGate...

FortiOS 5.6.2, 5.6.1, 5.6.0, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0
May 18, 2018 Risk IR Number: FG-IR-17-245 CVE-2017-14187
US-Cert published a document at https://www.us-cert.gov/ncas/alerts/TA17-075A which outlines some security flaws that may ...

May 16, 2018 Risk IR Number: FG-IR-17-160 CVE-2005-4900
FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had re...

May 04, 2018 Risk IR Number: FG-IR-17-274 CVE-2017-17539