PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An information disclosure vulnerability [CWE-200] in FortiAnalyzer and FortiManager VM may allow an authenticated attacker...

FortiManager 7.0.0, 6.4.6 FortiAnalyzer 7.0.0, 6.4.6
Oct 05, 2021 Risk IR Number: FG-IR-21-112 CVE-2021-36170

An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer may allow a remote authenticated attacker to p...

FortiAnalyzer 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
Oct 05, 2021 Risk IR Number: FG-IR-20-098 CVE-2021-24021

A path traversal vulnerability [CWE-22] in FortiClientEMS may allow an authenticated attacker to inject directory traversa...

FortiClientEMS 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Oct 05, 2021 Risk IR Number: FG-IR-20-074 CVE-2020-15941

An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS may allow an attacker to reuse the unexpired...

FortiClientEMS
Oct 05, 2021 Risk IR Number: FG-IR-20-072 CVE-2021-24019

An insufficiently protected credentials vulnerability [CWE-522] in FortiSDNConnector may allow an authenticated user to ob...

FortiSDNConnector 1.1.7, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.0
Oct 05, 2021 Risk IR Number: FG-IR-20-183 CVE-2021-36178

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox may allow an authenticated att...

FortiSandbox 3.2.2, 3.1.4
Oct 05, 2021 Risk IR Number: FG-IR-20-234 CVE-2021-26105

An improper neutralization of input vulnerability [CWE-79] in FortiWebManager may allow a remote authenticated attacker to...

FortiWebManager 6.0.2
Oct 05, 2021 Risk IR Number: FG-IR-20-027 CVE-2021-36175