- Filter by Date
- 2021
- 21 11-2021
- 2021
- Filter by Severity
-
Filter by Affected Product
- All
- 6 FortiPortal
- 2 FortiClientWindows
- 2 FortiClientEMS
- 2 FortiWLM
- 2 FortiSIEMWindowsAgent
- 1 FortiOS
- 1 FortiManager
- 1 FortiAnalyzer
- 1 FortiWeb
- 1 FortiClientMac
- 0 FortiProxy
- 0 FortiADC
- 0 FortiMail
- 0 FortiSandbox
- 0 FortiWAN
- 0 FortiAuthenticator
- 0 FortiNAC
- 0 FortiSIEM
- 0 FortiWLC
- 0 FortiAP
- 0 FortiSOAR
- 0 FortiTester
- 0 FortiAP-W2
- 0 FortiSwitch
- 0 FortiRecorder
- 0 FortiVoiceEnterprise
- 0 FortiAP-S
- 0 FortiDeceptor
- 0 AscenLink
- 0 FortiAP-U
- 0 FortiClientLinux
- 0 FortiDB
- 0 FortiDDoS
- 0 FortiEDR
- 0 FortiCache
- 0 FortiExtender
- 0 Meru AP
- 0 FortiADCManager
- 0 FortiIsolator
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiAP-C
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiDDoS-CM
- 0 FortiSwitchManager
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice
All
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL Hijack atta...
FortiClientEMS
7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
FortiClientWindows
7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
Nov 29, 2021
Severity
High
IR Number: FG-IR-21-088
CVE-2021-32592
An improper neutralization of input during web page generation [CWE-79] in FortiAnalyzer may allow an attacker to perform ...
FortiAnalyzer
6.4.4, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-20-092
CVE-2020-12814
An improper control of generation of code vulnerability [CWE-94] in FortiClient for MacOS may allow an authenticated attac...
FortiClientMac
7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0
Nov 02, 2021
Severity
Low
IR Number: FG-IR-21-079
CVE-2021-42754
An improper authorization vulnerability [CWE-285] in FortiClient for Windows may allow a local unprivileged attacker to es...
FortiClientWindows
7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0
Nov 02, 2021
Severity
High
IR Number: FG-IR-20-079
CVE-2021-36183
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS may allow a remote authenticated attacker to ...
FortiClientEMS
6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-20-067
CVE-2020-15940
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager may allow a FortiGat...
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-21-103
CVE-2021-36192
Medium
IR Number: FG-IR-21-103
CVE-2021-36192
An improper access control vulnerability [CWE-284] in FortiManager may allow an authenticated attacker with a restricted u...
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS may allow the connection to a ...
FortiOS
7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1
Nov 02, 2021
Severity
Low
IR Number: FG-IR-21-074
CVE-2021-41019
Multiple uncontrolled resource consumption vulnerabilities [CWE-400] in the web interface of FortiPortal may allow a singl...
FortiPortal
6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-21-096
CVE-2021-32595
A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition')Â [CWE-362]Â in...
FortiPortal
6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Nov 02, 2021
Severity
Low
IR Number: FG-IR-21-102
CVE-2021-36181
Multiple improper neutralization of input during web page generation vulnerabilities [CWE-79] in both the customer and pro...
FortiPortal
6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-21-100
CVE-2021-36176
A memory allocation with excessive size value vulnerability [CWE-789] in the license verification function of FortiPortal ...
FortiPortal
6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-21-109
CVE-2021-36174
An improper restriction of XML external entity reference vulnerability [CWE-611]Â in the parser of XML responses of FortiP...
FortiPortal
6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Nov 02, 2021
Severity
Low
IR Number: FG-IR-21-104
CVE-2021-36172
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI may allow a remot...
FortiPortal
6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-20-066
CVE-2021-32602
A plaintext storage of a password vulnerability [CWE-256] in the FortiSIEM Windows Agent may allow an authenticated user t...
FortiSIEMWindowsAgent
4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.1, 4.0.0, 3.3.1, 3.3.0, 3.2.3, 3.2.2, 3.2.1, 3.2.0, 3.1.3, 3.1.2, 3.1.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-21-175
CVE-2021-41023