PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager, FortiAnalyzer, and F...

FortiAnalyzer 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0 FortiManager 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0 FortiPortal 6.0.4
Aug 03, 2021 Risk IR Number: FG-IR-21-037 CVE-2021-26104
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal may allow a remote and unauthenticated attacker to ...

FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0
Aug 03, 2021 Risk IR Number: FG-IR-21-077 CVE-2021-32588
A protection mechanism failure vulnerability (CWE-693) resulting in improperly limiting pathname to a restricted directory...

FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Aug 03, 2021 Risk IR Number: FG-IR-21-085 CVE-2021-36168
Multiple improper neutralization of special elements used in an SQL command vulnerabilities (CWE-89) in FortiPortal may al...

FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Aug 03, 2021 Risk IR Number: FG-IR-21-084 CVE-2021-32590
An unrestricted file upload vulnerability (CWE-434) in the web interface of FortiPortal may allow a low-privileged user to...

FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Aug 03, 2021 Risk IR Number: FG-IR-21-092 CVE-2021-32594
A use of one-way hash with a predictable salt (CWE-760) vulnerability in the password storing mechanism of FortiPortal may...

FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Aug 03, 2021 Risk IR Number: FG-IR-21-094 CVE-2021-32596
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI may allow a remot...

FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Aug 03, 2021 Risk IR Number: FG-IR-20-066 CVE-2021-32602