PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Researchers (from the same group of people who discovered the FREAK Vulnerability in SSL/TLS) have published a paper demonstrating...

May 20, 2015 Risk IR Number: FG-IR-15-013
Older versions of FortiWeb are subject to three vulnerabilities: 1. OS command injection: A WebUI administrator user may run...

Apr 16, 2015 Risk IR Number: FG-IR-15-010
Certain versions of FortiManager are subject to the following vulnerabilities: 1. Escalation of Privileges: under certain circumstances,...

Apr 16, 2015 Risk IR Number: FG-IR-15-011
FortiMail's "diag debug application httpd" set of commands can be used to capture the credentials entered in the admin WebGui...

Apr 10, 2015 Risk IR Number: FG-IR-15-009
OpenSSL released a security advisory in March 2015 to announce multiple security vulnerabilities.

Mar 24, 2015 Risk IR Number: FG-IR-15-008
FREAK is an attack on SSL/TLS, which allows "Man in the Middle" attackers to decipher and alter HTTPS connections between a server...

Mar 04, 2015 Risk IR Number: FG-IR-15-007
FortiClient Android and iOS are affected by two vulnerabilities: Android and iOS FortiClient do not check the validity of server...

Feb 25, 2015 Risk IR Number: FG-IR-15-004
The Web User Interface of FortiGate, FortiManager, FortiAnalyzer, FortiMail and FortiADC D models is vulnerable to reflected...

Feb 25, 2015 Risk IR Number: FG-IR-15-005

Feb 05, 2015 Risk IR Number: FG-IR-15-002
Improper Guest User Permission Management issue exists in FortiGate.

Jun 13, 2013 Risk IR Number: FG-IR-013-004
FortiDB does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to inject...

Dec 03, 2012 Risk IR Number: FG-IR-012-007
FortiWeb does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to inject...

Dec 03, 2012 Risk IR Number: FG-IR-012-008
FortiWeb fails to sanitize user input. The vulnerability allows an attacker to inject script code.

Oct 25, 2012 Risk IR Number: FG-IR-012-006
Vulnerability-lab.com publicly released news of vulnerabilities discovered in FortiGate UTM WAF Appliances platforms.

Sep 14, 2012 Risk IR Number: FG-IR-012-004
On May 2, 2012 a policy bypass vulnerability was publicly disclosed against Fortinet's FortiWeb Web Application Firewall. This...

May 04, 2012 Risk IR Number: FG-IR-012-002