PSIRT Advisories
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may allow...
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restoring modified...
VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before it...
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plain text private keys of...
Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an unauthenticated...
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS may allow an unauthenticated remote attacker to crash...
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive...
An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbitrary...
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes,...
FortiClient for Windows could be subject to the following shut down or tampering attempts: a) User Interface or Command Line shut...
Multiple information exposure vulnerabilities in FortiOS may allow an unauthenticated attacker to perform some information gathering...
An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated attacker...
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized...
Some models of FortiAnalyzer and FortiManager have a default setting of "Failover", for remote IPMI access; this means that if...
Improper implementations of the HTTP/2 protocol can lead to a variety of denial-of-service (DoS) attacks. The related CVEs are: CVE-2019-9511,...