PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Nov 29, 2019 | IR Number: FG-IR-19-180 | CVE-2019-11477
CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCP_SKB_CB(skb)->tcp_gso_segs...

Nov 26, 2019 | IR Number: FG-IR-18-383 | CVE-2018-13380
Failure to sanitize the error or message handling parameters in the SSL VPN web portal may allow an attacker to perform a ...
Affected products: FortiOS 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0

Nov 26, 2019 | IR Number: FG-IR-18-388 | CVE-2018-13383
A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for l...
Affected products: FortiOS 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0

Nov 25, 2019 | IR Number: FG-IR-19-184 | CVE-2019-6697
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may a...
Affected products: FortiOS 6.2.1, 6.2.0

Nov 14, 2019 | IR Number: FG-IR-17-053 | CVE-2017-17544
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restori...
Affected products: FortiOS 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0; FortiADC 5.2.2, 5.1.4

Nov 14, 2019 | IR Number: FG-IR-19-017 | CVE-2019-5587
VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before...

Nov 14, 2019 | IR Number: FG-IR-19-134 | CVE-2019-5593
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaintext private key...
Affected products: FortiOS 6.2.1, 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0

Nov 14, 2019 | IR Number: FG-IR-19-099 | CVE-2019-3855
Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an una...

Nov 08, 2019 | IR Number: FG-IR-19-236 | CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS may allow an unauthenticated remote attacker t...
Affected products: FortiOS 6.2.1, 6.2.0, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0

Nov 08, 2019 | IR Number: FG-IR-19-227 | CVE-2019-15704
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sen...
Affected products: FortiClientMac 6.2.0, 6.0.7

Nov 01, 2019 | IR Number: FG-IR-19-273 | CVE-2019-15710
An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbi...
Affected products: FortiExtender 4.1.1, 4.0.0, 3.3.2, 3.3.1, 3.3.0, 3.2.3, 3.2.2, 3.2.1, 3.1.2, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 0.4.10