PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to p...

FortiManager 5.6, 6.0, 6.2
Feb 13, 2020 Risk IR Number: FG-IR-19-191
FortiGate models which do not contain and embedded TRNG may suffer from insufficient entropy ("seed") in the CTR DRBG rand...

Feb 13, 2020 Risk IR Number: FG-IR-19-186
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arb...

FortiAP 5.6, 6.0, 6.2
Feb 10, 2020 Risk IR Number: FG-IR-19-209
An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause web service portal ...

FortiAnalyzer 5.6, 6.0, 6.2 FortiAP 6.0, 6.2 FortiManager 5.6, 6.0, 6.2 FortiOS 6.0, 6.2 FortiSwitch 6.0, 6.2
Feb 03, 2020 Risk IR Number: FG-IR-19-013
A privilege escalation vulnerability in FortiClient for Linux may allow a user with low privilege to run root system comma...

Jan 27, 2020 Risk IR Number: FG-IR-19-238
Makers of popular WiFi hacking tool hashcat have discovered a way to improve password brute-forcing of the WPA/WPA2 wifi n...

Jan 27, 2020 Risk IR Number: FG-IR-18-199
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule...

Jan 27, 2020 Risk IR Number: FG-IR-19-197
A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH...

Jan 15, 2020 Risk IR Number: FG-IR-19-296
A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database ...

FortiSIEM 5.0, 5.1, 5.2
Jan 13, 2020 Risk IR Number: FG-IR-19-195
An improper neutralization of input during web page generation in FortiAuthenticator Agent for Outlook Web Access may allo...

Jan 06, 2020 Risk IR Number: FG-IR-19-104
Multiple vulnerabilities, referred to as Dragonblood, exist in WiFi WPA3 standard implementation .Dragonblood vulnerabilit...

Jan 03, 2020 Risk IR Number: FG-IR-19-107
Two improper access control vulnerabilities in FortiMail admin webUI may allow administrators to perform privileged functi...

Jan 03, 2020 Risk IR Number: FG-IR-19-237
A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted H...

FortiGate 5.4, 5.6, 6.0
Jan 03, 2020 Risk IR Number: FG-IR-19-002
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with ...

Dec 05, 2019 Risk IR Number: FG-IR-18-100
CVE-2019-11477:The Linux kernel is vulnerable to an integer overflow in the 16 bit width of  TCP_SKB_CB(skb)->tcp_gso_segs...

Nov 29, 2019 Risk IR Number: FG-IR-19-180