• Filter by Date
  • Filter by Risk
  • Filter by Affected Product

PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

The pam.log file generated by FortiWLC contains authenticated users credentials (local admin and users authenticated against external...

Sep 30, 2016 Risk IR Number: FG-IR-16-030
FortiWLC runs a rsyncd server, historically used for High-Availability purpose. This server comes with a hardcoded account, which...

Sep 30, 2016 Risk IR Number: FG-IR-16-029
A vulnerability in FortiDDoS allows escalation of privilege via remote OS injection through crafted URLs sent to the GUI. The...

Sep 28, 2016 Risk IR Number: FG-IR-16-037
OpenSSL released an update in May 2016 to address two high and four low severity vulnerabilities.CVE-2016-2108; CVE-2016-2107;...

Sep 22, 2016 Risk IR Number: FG-IR-16-026
One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation...

Sep 12, 2016 Risk IR Number: FG-IR-16-021
FortWan 4.2.4 and below is exposed to cross site scripting, information leak and escalation of privilege vulnerabilities.CVE-2016-4965:...

Sep 07, 2016 Risk IR Number: FG-IR-16-045