PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer may allow a remote authenticated attacker to p...

FortiAnalyzer 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
Oct 05, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-20-098 CVE-2021-24021
A path traversal vulnerability [CWE-22] in FortiClientEMS may allow an authenticated attacker to inject directory traversa...

FortiClientEMS 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Oct 05, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-20-074 CVE-2020-15941
An insufficiently protected credentials vulnerability [CWE-522] in FortiSDNConnector may allow an authenticated user to ob...

FortiSDNConnector 1.1.7, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.0
Oct 05, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-20-183 CVE-2021-36178
A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox may allow an authenticated att...

FortiSandbox 3.2.2, 3.1.4
Oct 05, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-20-234 CVE-2021-26105
An improper neutralization of input vulnerability [CWE-79] in FortiWebManager may allow a remote authenticated attacker to...

FortiWebManager 6.0.2
Oct 05, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-20-027 CVE-2021-36175