PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensi...

FortiOS 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.12, 6.0.11, 6.0.10, 5.6.3, 5.6.2, 5.6.1, 5.4.7, 5.4.6, 5.2.15, 5.2.14, 5.2.13, 5.2.12
Nov 22, 2018 Risk IR Number: FG-IR-18-325 CVE-2018-13376
libssh versions 0.6 and above have an authentication bypass vulnerability inthe server code. By presenting the server an S...

Nov 21, 2018 Risk IR Number: FG-IR-18-336 CVE-2018-10933
An attacker could send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is e...

FortiAnalyzer 5.6.0, 5.4.5
Nov 16, 2018 Risk IR Number: FG-IR-18-121 CVE-2018-13375
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packet...

FortiOS 6.0.1, 6.0.0, 5.6.7, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
Nov 16, 2018 Risk IR Number: FG-IR-18-101 CVE-2018-13366