PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

The pam.log file generated by FortiWLC contains authenticated users' credentials (local admin and users authenticated again...
Sep 30, 2016 Risk IR Number: FG-IR-16-030 CVE-2016-7561

FortiWLC runs an rsyncd server, historically used for high-availability purposes. This server comes with a hardcoded account...
Sep 30, 2016 Risk IR Number: FG-IR-16-029 CVE-2016-7560

A vulnerability in FortiDDoS allows escalation of privilege via remote OS injection through crafted URLs sent to the GUI. ...
Sep 28, 2016 Risk IR Number: FG-IR-16-037

OpenSSL released an update in May 2016 to address two high and four low severity vulnerabilities. CVE-2016-2108; CVE-2016-2...
Sep 22, 2016 Risk IR Number: FG-IR-16-026 CVE-2016-2108

One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the...
Sep 12, 2016 Risk IR Number: FG-IR-16-021

FortiWAN 4.2.4 and below is exposed to cross-site scripting, information leak and escalation of privilege vulnerabilities. C...
Sep 07, 2016 Risk IR Number: FG-IR-16-045 CVE-2016-4965