
PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Two new attacks on IPsec IKE (Internet Key Exchange) were recently disclosed [1], involving multiple ways to perform attac...
Aug 27, 2018 Risk IR Number: FG-IR-18-214

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be poss...
Aug 27, 2018 Risk IR Number: FG-IR-17-302

On May 23, 2018, Talos disclosed in a blog post the discovery of a modular malware system they deemed "VPNFilter", affecti...
Aug 27, 2018 Risk IR Number: FG-IR-18-106

A standard user with an ADOM assignment can read the interface settings of VDOMs unrelated to his/her ADOM.
Aug 27, 2018 Risk IR Number: FG-IR-18-016

Before August 2018, parameters at /loginmgrlogin in forticloud.com were vulnerable to a Cross-Site Scripting (XSS) attack.
Aug 24, 2018 Risk IR Number: FG-IR-18-026

FortiCloud password reset link requested by the user takes one hour to expire even after password was changed successful...
Aug 24, 2018 Risk IR Number: FG-IR-18-074

The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname ...
Aug 23, 2018 Risk IR Number: FG-IR-18-085

FortiWeb's "Recursive URL Decoding" feature can detect URL-based attacks (among which XSS and SQL injection attempts) even...
Aug 23, 2018 Risk IR Number: FG-IR-18-058