PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiGate firmware (FortiOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability. This vulnerabilit...

Aug 17, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon High IR Number: FG-IR-16-023 CVE-2016-6909
Forticloud online service before May 3, 2016 was exposed to cross site scripting web vulnerabilities, which could allow ma...

Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-022
A vulnerablity in FortiVoice 5.0 web-application could allow malicious script being injected in the affected module; this ...

Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-020
An XSS vulnerablity in FortiManager/FortiAnalyzer could allow privileged guest user accounts and restricted user accounts ...

Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-016 CVE-2016-3193
A vulnerablity in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input f...

Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-017 CVE-2016-3194
A client side XSS vulnerablity in FortiManager/FortiAnalyzer could allow malicious script being injected in the Web-UI; th...

Aug 09, 2016 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-16-015 CVE-2016-3195