- Filter by Date
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
- 2014
- 2013
- 2012
- Filter by Risk
-
22
-
58
-
198
-
68
-
11
-
22
-
Filter by Affected Product
- All
- 55 FortiOS
- 26 FortiManager
- 21 FortiAnalyzer
- 15 FortiSandbox
- 14 FortiMail
- 10 FortiPortal
- 10 FortiWeb
- 9 FortiProxy
- 9 FortiWLC
- 8 FortiADC
September
(12)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sen...
FortiOS
6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.19, 4.3.18, 4.3.17, 4.3.16, 4.3.15, 4.3.14, 4.3.13, 4.3.12, 4.3.11, 4.3.10, 4.3.1, 4.3.0, 4.2.9, 4.2.8, 4.2.7, 4.2.6, 4.2.5, 4.2.4, 4.2.3, 4.2.2, 4.2.16, 4.2.15, 4.2.14, 4.2.13, 4.2.12, 4.2.11, 4.2.10, 4.2.1, 4.2.0, 4.1.9, 4.1.8, 4.1.7, 4.1.6, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.11, 4.1.10, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Jul 26, 2019
Risk
IR Number: FG-IR-19-037
CVE-2019-5591
FortiOS Explicit Web Proxy by default allows non-standard HTTP traffic. FortiOS SSL/SSH Inspection Profile by default allo...
Multiple Fortinet products may be affected by the following Linux Kernel vulnerability:CVE-2016-10229 Linux Kernel ipv4/ud...
FortiManager
5.4.2
FortiAP
5.6.0, 5.4.2
FortiADC
4.8.0
FortiSandbox
3.0.6, 3.0.5, 3.0.4
FortiAnalyzer
5.4.2
FortiWeb
5.7.3, 5.7.2
Meru Controller
8.4.5, 8.4.4
FortiWAN-Manager
4.3.0
FortiWAN
4.3.1
FortiPortal
5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 0.4.24, 0.4.23, 0.4.20, 0.4.10
FortiWebManager
6.0.0
FortiCache
4.2.2
FortiDDoS
4.3.2, 4.3.1
FortiOS
5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
FortiAuthenticator
5.0.0
FortiVoiceEnterprise
5.3.6
AscenLink
7.2.19
FortiWLM
8.4.0
FortiWLC
8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2
Jul 24, 2019
Risk
IR Number: FG-IR-17-118
CVE-2016-10229
FortiOS by default enables TCP timestamp response, which may lead to information disclosure.The TCP timestamp response can...
Certificates taken out of service could potentially be improperly re-used. Impact detailFortinet has already taken steps t...
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in FortiNAC admin webUI may allow an ...
The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized...
Server Message Block (SMB) 1.0 - a legacy file and print sharing protocol - has been deprecated by Microsoft due to multip...
Failure to sanitize the login redir parameter in the SSL-VPN web portal may allow an attacker to perform a Cross-site Scri...
FortiOS
6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
May 24, 2019
Risk
IR Number: FG-IR-17-242
CVE-2017-14186
Failure to properly parse message payloads in the SSL VPN portal of FortiOS may allow a non-authenticated attacker to perf...
FortiOS
6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0
May 17, 2019
Risk
IR Number: FG-IR-18-387
CVE-2018-13381
Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to cond...
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie f...
A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a...
FortiManager
5.4.1, 5.4.0, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
Apr 23, 2019
Risk
IR Number: FG-IR-18-051
CVE-2018-1360
Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiF...
FortiAP-S
6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.3, 5.6.2, 5.6.1, 5.6.0
FortiAP-W2
6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.3, 5.6.2, 5.6.1, 5.6.0
Apr 10, 2019
Risk
IR Number: FG-IR-18-356
CVE-2018-16986
FortiSwitch is vulnerable to multiple Cross-site Scripting (XSS) attacks present in the jQuery javascript libraryCVE-2015-...