PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.


Oct 15, 2014 Risk IR Number: FG-IR-14-031 CVE-2014-3566
An exploit has been discovered in GNU Bourne Again Shell (Bash) versions 1.14.0 through 4.3. This vulnerability may allow...

Sep 25, 2014 Risk IR Number: FG-IR-14-030 CVE-2014-6271
A temporary denial of service condition can be created using a specially crafted request sent to the FortiManager protocol...

Aug 19, 2014 Risk IR Number: FG-IR-14-006 CVE-2014-0351
FortiWeb 5.0, 5.1 and 5.2.0 are vulnerable to multiple reflective cross-site scripting issues. Several parameters in the w...

Jul 10, 2014 Risk IR Number: FG-IR-14-012 CVE-2014-4738
The OpenSSL project released an advisory on June 5th, 2014, which describes the following vulnerabilities: SSL/TLS MITM v...

Jun 06, 2014 Risk IR Number: FG-IR-14-018 CVE-2014-0224
Multiple CSRF vulnerabilities exist in the FortiWeb web administration console due to lack of CSRF token protection. This ...

May 02, 2014 Risk IR Number: FG-IR-14-013 CVE-2014-3115
An information disclosure vulnerability has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This vulnerability m...

Apr 08, 2014 Risk IR Number: FG-IR-14-011 CVE-2014-0160
The web administration interface on FortiADC D-series versions 3.2.0 and lower has a reflective cross-site scripting vuln...

Apr 03, 2014 Risk IR Number: FG-IR-14-004 CVE-2014-0331
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access...

Apr 02, 2014 Risk IR Number: FG-IR-14-010 CVE-2014-2721 password issue
FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and...

Feb 13, 2014 Risk IR Number: FG-IR-13-009 CVE-2014-1955
FortiOS 5.0.5 and earlier versions contain a cross-site scripting vulnerability. The mkey parameter in the URL /firewall/...

Feb 03, 2014 Risk IR Number: FG-IR-14-003 CVE-2013-7182
FortiWeb 5.0.3 and earlier versions contain a cross-site scripting vulnerability. The filter parameter in the URL "/user/...

Feb 03, 2014 Risk IR Number: FG-IR-14-002 CVE-2013-7181
Authenticated administrative users can store injected JavaScript content into a specific field on the web management inter...

Jan 17, 2014 Risk IR Number: FG-IR-14-001 CVE-2014-1458
Authenticated admin users may be able to obtain access to a system shell from the command line interface.

Dec 13, 2013 Risk IR Number: FG-IR-13-016 CVE-2013-6990
Multiple CSRF vulnerabilities exist in the FortiAnalyzer web administration console due to an error in CSRF token validati...

Nov 22, 2013 Risk IR Number: FG-IR-13-018 CVE-2013-6826