PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

FortiOS SSL VPN webportal user credentials present in plain text in client side javascript file

An information disclosure vulnerability exists in the SSL-VPN web portal of FortiOS: when pages bookmarked in the web portal use...

Jun 22, 2018 Risk

IR Number: FG-IR-18-027

OpenRedirect in Malicious Generated PDF Document on FortiAnalyzer and FortiManager

An open redirect vulnerability exists in FortiAnalyzer and FortiManager when a user of the GUI is converting an HTML table to...

Jun 22, 2018 Risk

IR Number: FG-IR-18-022

FortiAnalyzer and FortiManager admin user avatar setting improper access control

An improper access control vulnerability exists in FortiAnalyzer and FortiManager, whereby a regular user of the GUI can edit...

Jun 22, 2018 Risk

IR Number: FG-IR-18-014

FortiManager XSS vulnerability when view config under Revision History

A potential Cross-site Scripting (XSS) vulnerability exists in FortiManager: Displayed data is not sanitized when an administrator...

Jun 22, 2018 Risk

IR Number: FG-IR-18-006

ISC BIND vulnerabilities

Multiple Denial of Service (DoS) or process crash vulnerabilities (CVE-2018-5737, CVE-2018-5736) are affecting ISC BIND.

Jun 05, 2018 Risk

IR Number: FG-IR-18-112

Refine RESET

PSIRT Advisories

Refine
RESET