Filter by Date
- 2022
  - 9 11-2022
Filter by Severity
- 0 Critical
- 6 High
- 0 Medium
- 3 Low
- 0 Informational
Filter by Affected Product
- All
- 2 FortiOS
- 2 FortiADC
- 1 FortiManager
- 1 FortiAnalyzer
- 1 FortiProxy
- 1 FortiSIEM
- 1 FortiClientMac
- 1 FortiTester
- 1 FortiDeceptor
- 0 FortiWeb
- 0 FortiMail
- 0 FortiSandbox
- 0 FortiPortal
- 0 FortiClientWindows
- 0 FortiWAN
- 0 FortiAuthenticator
- 0 FortiNAC
- 0 FortiRecorder
- 0 FortiSwitch
- 0 FortiClientEMS
- 0 FortiDDoS
- 0 FortiVoiceEnterprise
- 0 FortiAP
- 0 FortiWLC
- 0 FortiAP-W2
- 0 FortiAP-S
- 0 FortiSOAR
- 0 FortiWLM
- 0 FortiNDR
- 0 FortiAP-U
- 0 FortiDDoS-F
- 0 AscenLink
- 0 FortiClientLinux
- 0 FortiDB
- 0 FortiEDR
- 0 Meru AP
- 0 FortiADCManager
- 0 FortiCache
- 0 FortiDDoS-CM
- 0 FortiExtender
- 0 FortiIsolator
- 0 FortiSwitchManager
- 0 FortiAP-C
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiSIEMWindowsAgent
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiAnalyzer-BigData
- 0 FortiFone
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiExplorer Windows
- 0 FortiGuard
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2023: Mar , Feb , Jan
2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiADC - Persistent XSS in Log pages

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC may allow a remote unaut...

FortiADC 7.0.2, 7.0.1, 7.0.0, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Nov 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-22-232 CVE-2022-38374

FortiADC - Stored XSS vulnerability in external resource page

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface may...

FortiADC 7.1.0

Nov 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-22-314 CVE-2022-35851

FortiClient (MAC) - FortiTray stores the SSLVPN password in cleartext

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac may allow a l...

FortiClientMac 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0

Nov 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Low IR Number: FG-IR-22-246 CVE-2022-33878

FortiDeceptor - Reflected XSS vulnerability on Lure Resources page

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interfac...

FortiDeceptor 4.2.0, 4.1.1, 4.1.0, 4.0.2

Nov 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-22-331 CVE-2022-38373

FortiManager/FortiAnalyzer - XSS Vulnerability in Report Templates

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiManager and FortiAnalyzer re...

FortiAnalyzer 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0 FortiManager 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0

Nov 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-228 CVE-2022-39950

FortiOS - RSA SSH host key lost at shutdown

A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS may allow an unauthenticated atta...

FortiOS 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0 FortiProxy 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.12, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0

Nov 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Low IR Number: FG-IR-22-228 CVE-2022-30307

FortiOS -- Telnet on the SSL-VPN interface results in information leak

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN may allow a remot...

FortiOS 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0

Nov 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Low IR Number: FG-IR-22-223 CVE-2022-35842

FortiSIEM - Glassfish local credentials stored in plain text

An improper authentification vulnerability [CWE-287] in FortiSIEM may allow a local attacker with CLI access to perform op...

FortiSIEM 6.4.2, 6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0

Nov 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-22-064 CVE-2022-26119

FortiTester - Command injection in CLI command

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interprete...

FortiTester 7.1.0, 7.0.0, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.9.1, 3.9.0, 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.5.0, 3.4.0, 3.3.1, 3.3.0, 3.2.0, 3.1.0, 3.0.0

Nov 01, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-22-070 CVE-2022-33870