PSIRT Advisories
Monthly PSIRT Advisories
- 2022: May, Apr, Mar, Feb
- 2021: Dec, Nov, Oct, Sep, Aug, Jul, Jun, May, Apr, Mar, Feb, Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
A low-privileged user may be able to execute arbitrary code by exploiting a FortiClientNamedPipe vulnerability.
An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API (URLs with /json)...
Oct 24, 2017
Severity: Medium
IR Number: FG-IR-17-206
CVE-2017-14182
A reflected XSS vulnerability exists in FortiOS web GUI "Login Disclaimer" redir parameter. It is potentially exploitable ...
Oct 24, 2017
Severity: Medium
IR Number: FG-IR-17-113
CVE-2017-7733
Multiple Remote Code Execution (RCE) vulnerabilities (CVE-2017-12615, CVE-2017-12617) affect Apache Tomcat.
Oct 24, 2017
Severity: High
IR Number: FG-IR-17-251
CVE-2017-12615
Several vulnerabilities affect the Wi-Fi Protected Access II (WPA2) protocol, potentially enabling Man-in-the-Middle (MitM...
Oct 16, 2017
Severity: High
IR Number: FG-IR-17-196
CVE-2017-13082
The FortiWLC file management AP script download webUI page is affected by an OS Command Injection vulnerability which may ...
Oct 13, 2017
Severity: Medium
IR Number: FG-IR-17-119
CVE-2017-7341
The FortiWLC admin webUI is affected by XSS vulnerabilities, potentially exploitable by an authenticated user, via non-san...
Oct 13, 2017
Severity: Medium
IR Number: FG-IR-17-106
CVE-2017-7335
There exists a reflected cross-site scripting (XSS) vulnerability on FortiMail customized pre-authentication webmail login...
Oct 13, 2017
Severity: Medium
IR Number: FG-IR-17-099
CVE-2017-7732