PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiClient SSLVPN Linux client local privilege escalation vulnerability

Installing Forticlient SSLVPN Linux client build 2312 and lower in a home directory that is world readable-executable yields a...

Jul 24, 2015 Risk

IR Number: FG-IR-15-017

Multiple XSS vulnerabilities in FortiSandbox WebUI

The Web User Interface of FortiSandbox version 2.0.4 and below is vulnerable to multiple reflected Cross-Site Scripting vulnerabilities. 5...

Jul 24, 2015 Risk

IR Number: FG-IR-15-019

ZebOS routing remote shell service enabled

A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availability")...

Jul 24, 2015 Risk

IR Number: FG-IR-15-020

FortiOS supports weak ciphers suites when connecting to Fortiguard servers

When connecting to a FortiGuard server via TLS, FortiOS 5.2.3/5.0.11 and below is supporting multiple weak ciphers including anonymous,...

Jul 24, 2015 Risk

IR Number: FG-IR-15-021

"POODLE has friends" vulnerability

The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message. An attacker...

Jul 15, 2015 Risk

IR Number: FG-IR-15-016

CVE-2015-1793 OpenSSL "Alternative Chains Certificate Forgery"

OpenSSL released a security advisory in July 2015 to announce a high severity vulnerability affecting any application that verifies...

Jul 09, 2015 Risk

IR Number: FG-IR-15-015

Refine RESET

PSIRT Advisories

Refine
RESET