PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API (URLs with /json)...

Oct 24, 2017; Severity: Medium; IR Number: FG-IR-17-206; CVE-2017-14182
A reflected XSS vulnerability exists in FortiOS web GUI "Login Disclaimer" redir parameter. It is potentially exploitable ...

Oct 24, 2017; Severity: Medium; IR Number: FG-IR-17-113; CVE-2017-7733
The FortiWLC file management AP script download webUI page is affected by an OS Command Injection vulnerability which may ...

Oct 13, 2017; Severity: Medium; IR Number: FG-IR-17-119; CVE-2017-7341
The FortiWLC admin webUI is affected by XSS vulnerabilities, potentially exploitable by an authenticated user, via non-san...

Oct 13, 2017; Severity: Medium; IR Number: FG-IR-17-106; CVE-2017-7335
There exists a reflected cross-site scripting (XSS) vulnerability on FortiMail customized pre-authentication webmail login...

Oct 13, 2017; Severity: Medium; IR Number: FG-IR-17-099; CVE-2017-7732