Filter by Date
- 2022
  - 6 11-2022
  - 4 10-2022
  - 1 09-2022
  - 1 08-2022
  - 4 07-2022
  - 3 06-2022
  - 2 05-2022
  - 6 04-2022
  - 5 03-2022
  - 5 02-2022
- 2021
  - 17 12-2021
  - 6 11-2021
  - 1 10-2021
  - 4 09-2021
  - 7 08-2021
  - 5 07-2021
  - 3 06-2021
  - 1 05-2021
  - 2 01-2021
- 2020
  - 2 10-2020
  - 2 01-2020
- 2019
  - 1 11-2019
  - 1 09-2019
  - 3 08-2019
  - 1 07-2019
  - 1 05-2019
  - 1 04-2019
  - 1 01-2019
- 2018
  - 1 11-2018
  - 1 04-2018
  - 1 03-2018
- 2017
  - 1 12-2017
  - 2 11-2017
  - 3 10-2017
  - 3 04-2017
  - 1 02-2017
- 2016
  - 2 09-2016
  - 1 08-2016
  - 1 07-2016
- 2015
  - 1 07-2015
  - 1 05-2015
  - 1 02-2015
- 2014
  - 1 10-2014
- 2013
  - 1 11-2013
  - 1 07-2013
Filter by Severity
- 0 Critical
- 119 High
- 0 Medium
- 0 Low
- 0 Informational
Filter by Affected Product
- All
- 19 FortiWeb
- 16 FortiOS
- 9 FortiClientWindows
- 7 FortiProxy
- 6 FortiManager
- 6 FortiAnalyzer
- 6 FortiMail
- 6 FortiWLM
- 5 FortiADC
- 5 FortiSandbox
- 5 FortiWAN
- 4 FortiAuthenticator
- 4 FortiClientEMS
- 4 FortiNAC
- 4 FortiAP
- 4 FortiDeceptor
- 3 FortiPortal
- 3 FortiDDoS
- 3 FortiTester
- 3 FortiClientLinux
- 2 FortiSIEM
- 2 FortiWLC
- 2 FortiClientMac
- 2 FortiRecorder
- 2 FortiVoiceEnterprise
- 2 FortiAP-S
- 2 FortiAP-U
- 2 FortiAP-W2
- 2 FortiIsolator
- 2 FortiNDR
- 1 FortiSwitch
- 1 FortiSOAR
- 1 FortiEDR
- 1 FortiDDoS-F
- 1 FortiADCManager
- 1 FortiExtender
- 1 FortiSIEMWindowsAgent
- 1 AscenLink
- 1 FortiAP-C
- 1 FortiCache
- 1 FortiClientiOS
- 1 FortiWebManager
- 1 FortiClientAndroid
- 1 FortiOS-6K7K
- 1 FortiWAN-Manager
- 1 Meru Controller
- 0 FortiAnalyzer-BigData
- 0 FortiDDoS-CM
- 0 FortiTokenAndroid
- 0 Meru AP
- 0 AV Engine
- 0 FSSO Windows CA
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiDB
- 0 FortiFone
- 0 FortiGuard
- 0 FortiSDNConnector
- 0 FortiSwitchManager
- 0 FortiTokenIOS
- 0 FortiTokenMobileWP

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2022: Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiClientEMS - Session cookie does not expire after logout

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS may allow an attacker to reuse the unexpired...

FortiClientEMS 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Oct 05, 2021 Severity light-circle-logo

High IR Number: FG-IR-20-072 CVE-2021-24019

FortiAuthenticator - Command injection in CLI

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpret...

FortiAuthenticator 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.5.0, 5.4.1, 5.4.0, 5.3.1, 5.3.0, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.0

Sep 07, 2021 Severity light-circle-logo

High IR Number: FG-IR-21-068 CVE-2021-26116

FortiClient Linux - Command injection vulnerability

An OS command injection (CWE-78) vulnerability in FortiClient for Linux may allow an unauthenticated, network-adjacent att...

FortiClientLinux 6.4.2, 6.2.8

Sep 07, 2021 Severity light-circle-logo

High IR Number: FG-IR-20-241 CVE-2021-22127

FortiWeb - Multiple stack-based buffer overflow vulnerabilities in CLI command

Multiple stack-based buffer overflow vulnerabilities in FortiWeb CLI interface may allow an authenticated attacker to exec...

FortiWeb 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Sep 07, 2021 Severity light-circle-logo

High IR Number: FG-IR-20-206 CVE-2021-36179

FortiWeb - OS Command Injection because of missing input parameter sanitization

Multiple improper neutralization of special elements vulnerabilities [CWE-89] used in a command in FortiWeb may allow an a...

FortiWeb 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.4

Sep 07, 2021 Severity light-circle-logo

High IR Number: FG-IR-21-047 CVE-2021-36182

FortiWeb - OS command injection vulnerability

An OS command injection vulnerability in FortiWeb's management interface may allow a remote authenticated administrator to...

FortiWeb 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Aug 18, 2021 Severity light-circle-logo

High IR Number: FG-IR-21-116 CVE-2021-22123

FortiManager & FortiAnalyzer - Improper validation of dispatcher socket parameters

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI may allow a remote and ...

FortiManager 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0 FortiAnalyzer 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0