PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

A cross-site scripting vulnerability in the FortiAnalyzer/FortiManager advanced settings page could allow an administrator to inject...

Oct 05, 2016 Risk IR Number: FG-IR-16-051
The pam.log file generated by FortiWLC contains authenticated users' credentials (local admin and users authenticated against external...

Sep 30, 2016 Risk IR Number: FG-IR-16-030
FortiWLC runs an rsyncd server, historically used for High-Availability purposes. This server comes with a hardcoded account, which...

Sep 30, 2016 Risk IR Number: FG-IR-16-029
A vulnerability in FortiDDoS allows escalation of privilege via remote OS injection through crafted URLs sent to the GUI. The...

Sep 28, 2016 Risk IR Number: FG-IR-16-037
OpenSSL released an update in May 2016 to address two high and four low severity vulnerabilities. CVE-2016-2108; CVE-2016-2107;...

Sep 22, 2016 Risk IR Number: FG-IR-16-026
One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation...

Sep 12, 2016 Risk IR Number: FG-IR-16-021
FortiWAN 4.2.4 and below is exposed to cross-site scripting, information leak and escalation of privilege vulnerabilities. CVE-2016-4965:...

Sep 07, 2016 Risk IR Number: FG-IR-16-045
FortiGate firmware (FortiOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability. This vulnerability, when...

Aug 17, 2016 Risk IR Number: FG-IR-16-023
The FortiCloud online service before May 3, 2016 was exposed to cross-site scripting web vulnerabilities, which could allow malicious...

Aug 09, 2016 Risk IR Number: FG-IR-16-022
A vulnerability in the FortiVoice 5.0 web application could allow malicious script to be injected in the affected module; this potentially...

Aug 09, 2016 Risk IR Number: FG-IR-16-020
An XSS vulnerability in FortiManager/FortiAnalyzer could allow privileged guest user accounts and restricted user accounts to inject...

Aug 09, 2016 Risk IR Number: FG-IR-16-016
A vulnerability in FortiManager/FortiAnalyzer address added page could allow malicious script to be injected in the input field;...

Aug 09, 2016 Risk IR Number: FG-IR-16-017
A client-side XSS vulnerability in FortiManager/FortiAnalyzer could allow malicious script to be injected in the Web-UI; this potentially...

Aug 09, 2016 Risk IR Number: FG-IR-16-015
When a low privileged user uploads images in the report section, the filenames are not properly sanitized; this potentially enables...

Jul 14, 2016 Risk IR Number: FG-IR-16-014
OpenSSL released an update in January 2016 to address one high severity and one low severity vulnerability.

Jul 12, 2016 Risk IR Number: FG-IR-16-012