PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An OS command injection vulnerability in FortiManager and FortiAnalyzer may allow a privileged system administrator to run...
FortiAnalyzer 6.0, 6.2 FortiManager 6.0, 6.2
Jun 26, 2020 Risk IR Number: FG-IR-19-294

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a lo...
FortiGate 5.4, 5.6, 6.0, 6.2
Jun 26, 2020 Risk IR Number: FG-IR-19-217

An insufficient control of network message volume (CWE-406) vulnerability in FortiAnalyzer may allow an unauthenticated re...
Jun 22, 2020 Risk IR Number: FG-IR-20-036

An insufficient session expiration vulnerability in FortiDeceptor may allow an attacker to reuse the unexpired admin user ...
FortiDeceptor 3.0
Jun 21, 2020 Risk IR Number: FG-IR-20-006

An expression language injection vulnerability in FortiSIEM JBoss RichFaces library may allow a remote attacker to inject ...
FortiSIEM 5.2
Jun 21, 2020 Risk IR Number: FG-IR-20-041

An improper neutralization of input vulnerability in FortiWLC may allow a remote authenticated attacker to perform a store...
Jun 21, 2020 Risk IR Number: FG-IR-20-016

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated a...
FortiAnalyzer 6.2
Jun 03, 2020 Risk IR Number: FG-IR-20-003

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated pri...
Jun 03, 2020 Risk IR Number: FG-IR-20-021

Use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may a...
FortiClient 6.0, 6.2
Jun 01, 2020 Risk IR Number: FG-IR-19-194

An information exposure vulnerability in FortiOS WEB UI may allow an unauthenticated attacker to gain platform information...
Jun 01, 2020 Risk IR Number: FG-IR-18-173

An improper neutralization of input vulnerability in the FortiGateCloud login page may allow a remote unauthenticated atta...
FortiCloud 4.4
May 25, 2020 Risk IR Number: FG-IR-19-306

An Insecure Temporary File (CWE-377) vulnerability in FortiClient for Windows may allow a local user to gain elevated priv...
FortiClient 6.2, 6.0
May 25, 2020 Risk IR Number: FG-IR-20-040

An improper input validation (CWE-20) vulnerability in FortiAP CLI admin console may allow unauthorized administrators to ...
FortiAP 5.6, 6.0, 6.2
May 25, 2020 Risk IR Number: FG-IR-19-298

TCP stacks that lack RFC 5961 3.2 & 4.2 support (or have it disabled at application level) may allow remote attackers to g...
FortiAnalyzer 6.2, 6.0 FortiManager 6.2, 6.0
May 20, 2020 Risk IR Number: FG-IR-16-039

An improper authentication vulnerability in FortiMail and FortiVoiceEnterprise may allow a remote unauthenticated attacker...
Apr 27, 2020 Risk IR Number: FG-IR-20-045