PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

A low privileged user may be able to execute arbitrary code by exploiting a FortiClient NamedPipe vulnerability.
FortiClientWindows 5.4.2, 5.4.1
Oct 31, 2017 Risk IR Number: FG-IR-16-095 CVE-2016-8493

An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API (URLs with /json)...
Oct 24, 2017 Risk IR Number: FG-IR-17-206 CVE-2017-14182

A reflected XSS vulnerability exists in FortiOS web GUI "Login Disclaimer" redir parameter. It is potentially exploitable ...
Oct 24, 2017 Risk IR Number: FG-IR-17-113 CVE-2017-7733

Multiple Remote Code Execution (RCE) vulnerabilities (CVE-2017-12615, CVE-2017-12617) are affecting Apache Tomcat.
Oct 24, 2017 Risk IR Number: FG-IR-17-251 CVE-2017-12615

Several vulnerabilities affect the Wi-Fi Protected Access II (WPA2) protocol, potentially enabling Man-in-the-Middle (MitM...
Oct 16, 2017 Risk IR Number: FG-IR-17-196 CVE-2017-13082

The FortiWLC file management AP script download webUI page is affected by an OS Command Injection vulnerability which may ...
Oct 13, 2017 Risk IR Number: FG-IR-17-119 CVE-2017-7341

The FortiWLC admin webUI is affected by XSS vulnerabilities, potentially exploitable by an authenticated user, via non-san...
Oct 13, 2017 Risk IR Number: FG-IR-17-106 CVE-2017-7335

There exists a reflected cross-site scripting (XSS) vulnerability on FortiMail customized pre-authentication webmail login...
Oct 13, 2017 Risk IR Number: FG-IR-17-099 CVE-2017-7732