PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Two new attacks on IPsec IKE (Internet Key Exchange) were recently disclosed [1], involving multiple ways to perform attac...

Aug 27, 2018 Risk IR Number: FG-IR-18-214 CVE-2018-5389
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be poss...

Aug 27, 2018 Risk IR Number: FG-IR-17-302 CVE-2018-9192
On May 23, 2018, Talos disclosed in a blog post the discovery of a modular malware system they deemed "VPNFilter", affecti...

Aug 27, 2018 Risk IR Number: FG-IR-18-106
A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom.

FortiManager 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
Aug 27, 2018 Risk IR Number: FG-IR-18-016 CVE-2018-1353
Before August, 2018, parameters at /loginmgrlogin in forticloud.com were vulnerable to a Cross-Site-Scripting (XSS) attack.

Aug 24, 2018 Risk IR Number: FG-IR-18-026
FortiCloud password reset link requested by the user takes one hour to expire even after password was changed successful...

Aug 24, 2018 Risk IR Number: FG-IR-18-074
The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname ...

FortiOS 6.0.1, 6.0.0, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0
Aug 23, 2018 Risk IR Number: FG-IR-18-085 CVE-2018-13365
FortiWeb's "Recursive URL Decoding" feature can detect URL-based attacks (among which XSS and SQL injection attempts) even...

Aug 23, 2018 Risk IR Number: FG-IR-18-058