PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Cookie Parser Buffer Overflow Vulnerability
FortiGate firmware (FortiOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability. This vulnerabilit...
Aug 17, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon High IR Number: FG-IR-16-023 CVE-2016-6909
FortiCloud Cross Site Script Persistent Web Vulnerabilities
Forticloud online service before May 3, 2016 was exposed to cross site scripting web vulnerabilities, which could allow ma...
Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-022
FortiVoice 5.0 Filter Bypass & Persistent Web Vulnerabilities
A vulnerablity in FortiVoice 5.0 web-application could allow malicious script being injected in the affected module; this ...
Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-020
FortiManager and FortiAnalyzer Persistent XSS vulnerability
An XSS vulnerablity in FortiManager/FortiAnalyzer could allow privileged guest user accounts and restricted user accounts ...
Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-016 CVE-2016-3193
FortiManager and FortiAnalyzer XSS vulnerability
A vulnerablity in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input f...
Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-017 CVE-2016-3194
FortiManager and FortiAnalyzer Client Side XSS vulnerability
A client side XSS vulnerablity in FortiManager/FortiAnalyzer could allow malicious script being injected in the Web-UI; th...
Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-015 CVE-2016-3195