Filter by Date
- 2021
  - 10 11-2021
Filter by Severity
- 0 Critical
- 6 High
- 0 Medium
- 4 Low
- 0 Informational
Filter by Affected Product
- All
- 2 FortiPortal
- 2 FortiClientWindows
- 2 FortiWLM
- 1 FortiOS
- 1 FortiWeb
- 1 FortiClientEMS
- 1 FortiClientMac
- 1 FortiSIEMWindowsAgent
- 0 FortiManager
- 0 FortiAnalyzer
- 0 FortiProxy
- 0 FortiMail
- 0 FortiADC
- 0 FortiSandbox
- 0 FortiWAN
- 0 FortiAuthenticator
- 0 FortiNAC
- 0 FortiRecorder
- 0 FortiSIEM
- 0 FortiSwitch
- 0 FortiDDoS
- 0 FortiVoiceEnterprise
- 0 FortiAP
- 0 FortiWLC
- 0 FortiAP-W2
- 0 FortiTester
- 0 FortiAP-S
- 0 FortiSOAR
- 0 FortiNDR
- 0 FortiAP-U
- 0 FortiDDoS-F
- 0 FortiDeceptor
- 0 AscenLink
- 0 FortiClientLinux
- 0 FortiDB
- 0 FortiEDR
- 0 Meru AP
- 0 FortiADCManager
- 0 FortiCache
- 0 FortiDDoS-CM
- 0 FortiExtender
- 0 FortiIsolator
- 0 FortiSwitchManager
- 0 FortiAP-C
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiAnalyzer-BigData
- 0 FortiFone
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiExplorer Windows
- 0 FortiGuard
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2023: Mar , Feb , Jan
2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiClientWindows & FortiClient EMS - Privilege escalation via DLL Hijacking

An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL Hijack atta...

FortiClientEMS 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0 FortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0

Nov 29, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-088 CVE-2021-32592

FortiClient (MacOS) - Dylib injection Vulnerability observed in FortiClientMacOS

An improper control of generation of code vulnerability [CWE-94] in FortiClient for MacOS may allow an authenticated attac...

FortiClientMac 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

Nov 02, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Low IR Number: FG-IR-21-079 CVE-2021-42754

FortiClient (Windows) - Privilege escalation vulnerability

An improper authorization vulnerability [CWE-285] in FortiClient for Windows may allow a local unprivileged attacker to es...

FortiClientWindows 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0

Nov 02, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-20-079 CVE-2021-36183

FortiOS - Missing certificate CN/SAN validation leads to information disclosure

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS may allow the connection to a ...

FortiOS 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1

Nov 02, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Low IR Number: FG-IR-21-074 CVE-2021-41019

FortiPortal - Improper thread synchronization for database operations

A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') [CWE-362] in t...

FortiPortal 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0

Nov 02, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Low IR Number: FG-IR-21-102 CVE-2021-36181

FortiPortal - XML parser is vulnerable to XXE attacks

An improper restriction of XML external entity reference vulnerability [CWE-611] in the parser of XML responses of FortiPo...

FortiPortal 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0

Nov 02, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Low IR Number: FG-IR-21-104 CVE-2021-36172

FortiSIEM - privilege escalation by script executionution in Windows Agent

An improper privilege management vulnerability [CWE-269] in the FortiSIEM Windows Agent may allow an authenticated user to...

FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.1, 4.0.0, 3.3.1, 3.3.0, 3.2.3, 3.2.2, 3.2.1, 3.2.0, 3.1.3, 3.1.2, 3.1.0

Nov 02, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-176 CVE-2021-41022

FortiWLM - Command injection in script handlers

An improper neutralization of special elements used in an OS command vulnerability ('OS Command Injection') [CWE-78] in Fo...

FortiWLM 8.6.1, 8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2

Nov 02, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-110 CVE-2021-36185

FortiWLM - SQL Injection in script handlers

An improper neutralization of special elements [CWE-79] used in an SQL command vulnerability ('SQL Injection') [CWE-89] in...

FortiWLM 8.6.1, 8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2

Nov 02, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-107 CVE-2021-36184

FortiWeb - Stack-Based Buffer Overflow vulnerability

A stack-based buffer overflow [CWE-121] vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the c...

FortiWeb 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Nov 02, 2021 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-119 CVE-2021-36186