PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

A race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel may allow local users to obtain sensitive...

Apr 05, 2017 Risk IR Number: FG-IR-16-013
The first launch of FortiClient SSLVPN Linux creates a log file without any prior check. By previously creating a symbolic or...

Apr 05, 2017 Risk IR Number: FG-IR-16-069
ntp released an announcement on 26th April 2016, describing 4 low and 7 medium severity vulnerabilities, as listed below: CVE-2016-1551, CVE-2016-1549, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-1547, CVE-2016-1548, CVE-2015-7704...

Apr 03, 2017 Risk IR Number: FG-IR-16-035
A cross-site scripting vulnerability in the advanced settings page of FortiAnalyzer/FortiManager could allow an administrator to inject...

Oct 05, 2016 Risk IR Number: FG-IR-16-051
One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation...

Sep 12, 2016 Risk IR Number: FG-IR-16-021
OpenSSL released an update in January 2016 to address one high-severity and one low-severity vulnerability.

Jul 12, 2016 Risk IR Number: FG-IR-16-012
A path traversal vulnerability allows an administrator account with read and write privileges to read arbitrary files using the...

May 26, 2016 Risk IR Number: FG-IR-16-009
FortiOS now includes, for all SSL libraries, a countermeasure against Lenstra's fault attack on RSA-CRT optimization when an RSA...

May 16, 2016 Risk IR Number: FG-IR-16-008
The FortiOS webui accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect....

Mar 16, 2016 Risk IR Number: FG-IR-16-004
It is possible to inject malicious script through the DHCP HOSTNAME option. The malicious script code is injected into the device's...

Mar 16, 2016 Risk IR Number: FG-IR-16-003
Researchers discovered that certain next generation firewalls are designed to permit full TCP handshake with any destination,...

Dec 15, 2015 Risk IR Number: FG-IR-15-024
OpenSSL released an update in December 2015 to address a small number of vulnerability issues.

Dec 10, 2015 Risk IR Number: FG-IR-15-023
FortiClient drivers expose IOCTL that may allow an unprivileged user to get system-level privileges.

Sep 01, 2015 Risk IR Number: FG-IR-15-025
When connecting to a FortiGuard server via TLS, FortiOS 5.2.3/5.0.11 and below supports multiple weak ciphers including anonymous,...

Jul 24, 2015 Risk IR Number: FG-IR-15-021
OpenSSL released a security advisory in June 2015 to announce multiple security vulnerabilities.

Jun 11, 2015 Risk IR Number: FG-IR-15-014