PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

The Web User Interface of FortiSandbox version 2.0.4 and below is vulnerable to multiple reflected Cross-Site Scripting vu...
Jul 24, 2015 IR Number: FG-IR-15-019 CVE-2015-7360

A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availabilit...
Jul 24, 2015 IR Number: FG-IR-15-020 CVE-2015-7361

When connecting to a FortiGuard server via TLS, FortiOS 5.2.3/5.0.11 and below is supporting multiple weak ciphers includi...
Jul 24, 2015 IR Number: FG-IR-15-021 CVE-2015-2323

The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message. An atta...
Jul 15, 2015 IR Number: FG-IR-15-016

OpenSSL released a security advisory in July 2015 to announce a high severity vulnerability affecting any application that...
Jul 09, 2015 IR Number: FG-IR-15-015 CVE-2015-1793

OpenSSL released a security advisory in June 2015 to announce multiple security vulnerabilities.
Jun 11, 2015 IR Number: FG-IR-15-014 CVE-2014-8176

Researchers (from the same group of people who discovered the FREAK Vulnerability in SSL/TLS) have published a paper demon...
May 20, 2015 IR Number: FG-IR-15-013 CVE-2015-4000

The VENOM (Virtualized Environment Neglected Operations Manipulation) vulnerability impacts popular virtualization platfor...
May 19, 2015 IR Number: FG-IR-15-012 CVE-2015-3456

Older versions of FortiWeb are subject to three vulnerabilities: 1. OS command injection: A WebUI administrator user may ...
Apr 16, 2015 IR Number: FG-IR-15-010

Certain versions of FortiManager are subject to the following vulnerabilities: 1. Escalation of Privileges: under certain...
Apr 16, 2015 IR Number: FG-IR-15-011 CVE-2015-3611

FortiMail's "diag debug application httpd" set of commands can be used to capture the credentials entered in the admin Web...
Apr 10, 2015 IR Number: FG-IR-15-009 CVE-2015-3293

OpenSSL released a security advisory in March 2015 to announce multiple security vulnerabilities.
Mar 24, 2015 IR Number: FG-IR-15-008 CVE-2015-0291

FREAK is an attack on SSL/TLS, which allows "Man in the Middle" attackers to decipher and alter HTTPS connections between ...
Mar 04, 2015 IR Number: FG-IR-15-007 CVE-2015-0204

Prior to build 237, the Windows version of FSSO can be remotely exploited to run arbitrary code over the TCP/8000 port wit...
Feb 27, 2015 IR Number: FG-IR-15-006 CVE-2015-2281

FortiClient Android and iOS are affected by two vulnerabilities: Android and iOS FortiClient do not check the validity of...
Feb 25, 2015 IR Number: FG-IR-15-004 CVE-2015-1453