PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Multiple CSRF (Cross-Site Request Forgery) vulnerabilities exist in FortiGate because GUI pages are not protected by CSRF ...
Jul 08, 2013 Risk IR Number: FG-IR-13-014 CVE-2013-1414

Improper Guest User Permission Management issue exists in FortiGate.
Jun 13, 2013 Risk IR Number: FG-IR-013-004 CVE-2013-4604

Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow a...
May 13, 2013 Risk IR Number: FG-IR-13-008

Input filter bypass and exception handling vulnerabilities can be used by an attacker to hijack administrator or customer ...
Jan 29, 2013 Risk IR Number: FG-IR-013-001 CVE-2013-1471

FortiDB does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to i...
Dec 03, 2012 Risk IR Number: FG-IR-012-007 CVE-2012-6347

FortiWeb does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to ...
Dec 03, 2012 Risk IR Number: FG-IR-012-008 CVE-2012-6346

FortiWeb fails to sanitize user input. The vulnerability allows an attacker to inject script code.
Oct 25, 2012 Risk IR Number: FG-IR-012-006

FortiMail fails to sanitize user input. The vulnerability allows an attacker to bypass its input filtering routine, which ...
Oct 25, 2012 Risk IR Number: FG-IR-012-005

Vulnerability-lab.com publicly released news of vulnerabilities discovered in FortiGate UTM WAF Appliances platforms.
Sep 14, 2012 Risk IR Number: FG-IR-012-004

Fortinet has verified a potential issue during HTTP session authentication that could lead to a buffer overflow condition ...
Aug 20, 2012 Risk IR Number: FG-IR-012-003

On May 2, 2012 a policy bypass vulnerability was publicly disclosed against Fortinet's FortiWeb Web Application Firewall. ...
May 04, 2012 Risk IR Number: FG-IR-012-002

On January 27, 2012, vulnerability-lab.com publicly released news of vulnerabilities discovered in FortiGate UT...
Feb 01, 2012 Risk IR Number: FG-IR-012-001 CVE-2012-0941