PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

It is possible to inject malicious script through the DHCP HOSTNAME option. The malicious script code is injected into th...
Mar 16, 2016 Risk IR Number: FG-IR-16-003 CVE-2015-3626

Since glibc 2.9, the glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() ...
Feb 25, 2016 Risk IR Number: FG-IR-16-002 CVE-2015-7547

An undocumented account used for communication with authorized FortiManager devices exists on some versions of FortiOS, F...
Jan 12, 2016 Risk IR Number: FG-IR-16-001 CVE-2016-1909

Researchers discovered that certain next generation firewalls are designed to permit full TCP handshake with any destinati...
Dec 15, 2015 Risk IR Number: FG-IR-15-024

OpenSSL released an update in December 2015 to address a small number of vulnerability issues.
Dec 10, 2015 Risk IR Number: FG-IR-15-023 CVE-2015-3193

The Graphical User Interface (GUI) of FortiManager v5.2.2 is vulnerable to two reflected Cross-Site Scripting (XSS) vulner...
Sep 24, 2015 Risk IR Number: FG-IR-15-022 CVE-2015-8037

FortiClient drivers expose IOCTL that may allow an unprivileged user to get system-level privileges.
Sep 01, 2015 Risk IR Number: FG-IR-15-025 CVE-2015-4077

Installing FortiClient SSLVPN Linux client build 2312 and lower in a home directory that is world readable-executable yiel...
Jul 24, 2015 Risk IR Number: FG-IR-15-017 CVE-2015-7362

The Web User Interface of FortiSandbox version 2.0.4 and below is vulnerable to multiple reflected Cross-Site Scripting vu...
Jul 24, 2015 Risk IR Number: FG-IR-15-019 CVE-2015-7360

A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availabilit...
Jul 24, 2015 Risk IR Number: FG-IR-15-020 CVE-2015-7361

When connecting to a FortiGuard server via TLS, FortiOS 5.2.3/5.0.11 and below supports multiple weak ciphers includi...
Jul 24, 2015 Risk IR Number: FG-IR-15-021 CVE-2015-2323

The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message. An atta...
Jul 15, 2015 Risk IR Number: FG-IR-15-016

OpenSSL released a security advisory in July 2015 to announce a high severity vulnerability affecting any application that...
Jul 09, 2015 Risk IR Number: FG-IR-15-015 CVE-2015-1793

OpenSSL released a security advisory in June 2015 to announce multiple security vulnerabilities.
Jun 11, 2015 Risk IR Number: FG-IR-15-014 CVE-2014-8176

Researchers (from the same group of people who discovered the FREAK Vulnerability in SSL/TLS) have published a paper demon...
May 20, 2015 Risk IR Number: FG-IR-15-013 CVE-2015-4000