- Filter by Date
- 2018
- 8 08-2018
- 2018
- Filter by Severity
-
Filter by Affected Product
- All
- 1 FortiOS
- 1 FortiManager
- 0 FortiWeb
- 0 FortiProxy
- 0 FortiAnalyzer
- 0 FortiMail
- 0 FortiADC
- 0 FortiSandbox
- 0 FortiClientWindows
- 0 FortiPortal
- 0 FortiAuthenticator
- 0 FortiWAN
- 0 FortiNAC
- 0 FortiSIEM
- 0 FortiClientEMS
- 0 FortiSwitch
- 0 FortiWLC
- 0 FortiAP
- 0 FortiAP-W2
- 0 FortiClientMac
- 0 FortiRecorder
- 0 FortiSOAR
- 0 FortiTester
- 0 FortiAP-S
- 0 FortiVoiceEnterprise
- 0 FortiWLM
- 0 FortiAP-U
- 0 FortiDeceptor
- 0 AscenLink
- 0 FortiClientLinux
- 0 FortiDB
- 0 FortiDDoS
- 0 FortiEDR
- 0 Meru AP
- 0 FortiCache
- 0 FortiExtender
- 0 FortiADCManager
- 0 FortiAP-C
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiDDoS-CM
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice
All
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
Two new attacks on IPsec IKE (Internet Key Exchange) were recently disclosed [1], involving multiple ways to perform attac...
Aug 27, 2018
Severity
Medium
IR Number: FG-IR-18-214
CVE-2018-5389
Medium
IR Number: FG-IR-18-214
CVE-2018-5389
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be poss...
Aug 27, 2018
Severity
Medium
IR Number: FG-IR-17-302
CVE-2018-9192
Medium
IR Number: FG-IR-17-302
CVE-2018-9192
On May 23, 2018, Talos disclosed in a blog post the discovery of a modular malware system they deemed "VPNFilter", affecti...
Aug 27, 2018
Severity
Low
IR Number: FG-IR-18-106
Low
IR Number: FG-IR-18-106
A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom.
FortiManager
6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
Aug 27, 2018
Severity
Informational
IR Number: FG-IR-18-016
CVE-2018-1353
Before August, 2018, parameters at /loginmgrlogin in forticloud.com were vulnerable to a Cross-Site-Scripting (XSS) attack.
Aug 24, 2018
Severity
Medium
IR Number: FG-IR-18-026
Medium
IR Number: FG-IR-18-026
FortiCloud password reset link requested by the user takes one hour to
expire even after password was changed successful...
Aug 24, 2018
Severity
Low
IR Number: FG-IR-18-074
Low
IR Number: FG-IR-18-074
The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname ...
FortiOS
6.0.1, 6.0.0, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0
Aug 23, 2018
Severity
Informational
IR Number: FG-IR-18-085
CVE-2018-13365
FortiWeb's "Recursive URL Decoding" feature can detect URL-based attacks (among which XSS and SQL injection attempts) even...
Aug 23, 2018
Severity
Medium
IR Number: FG-IR-18-058
Medium
IR Number: FG-IR-18-058