- Filter by Date
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
- 2014
- 2013
- 2012
- Filter by Risk
-
22
-
58
-
198
-
68
-
11
-
22
-
Filter by Affected Product
- All
- 55 FortiOS
- 26 FortiManager
- 21 FortiAnalyzer
- 15 FortiSandbox
- 14 FortiMail
- 10 FortiPortal
- 10 FortiWeb
- 9 FortiProxy
- 9 FortiWLC
- 8 FortiADC
September
(12)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
A format string vulnerability in FortiWeb may allow an authenticated, remote attacker to read the content of memory and re...
An OS command injection vulnerability in FortiDeceptor may allow a remote authenticated attacker to execute arbitrary comm...
FortiClient and FortiOS AV engines may not immediately detect certain types of malformed or non-standard RAR archives, pot...
During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerabilit...
FortiAP-U
6.0.2, 6.0.1, 6.0.0, 5.4.6
Meru AP
8.5.1, 8.4.6
Dec 01, 2020
Risk
IR Number: FG-IR-20-035
CVE-2019-15126
An improper neutralization of input vulnerability in the FortiGate may allow a remote attacker to perform a stored cross s...
A cleartext storage of sensitive information in GUI in FortiADC may allow a remote authenticated attacker to retrieve some...
FortiADC
6.0.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0
Nov 03, 2020
Risk
IR Number: FG-IR-20-044
CVE-2020-15935
An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticat...
FortiDDoS
5.4.0, 5.3.1, 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0, 4.5.0, 4.4.2, 4.4.1, 4.4.0
FortiDDoS-CM
5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.7.0
FortiMail
6.4.1, 6.4.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.13, 5.3.12, 5.3.10, 5.3.1, 5.3.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.10, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.11, 5.0.10, 5.0.1, 5.0.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3.0, 4.2.4, 4.2.3, 4.2.2, 4.2.1, 4.2.0, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.5, 4.0.4, 4.0.3, 4.0.1
FortiRecorder
6.0.3, 6.0.2, 6.0.1, 6.0.0
FortiVoiceEnterprise
6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Nov 03, 2020
Risk
IR Number: FG-IR-20-105
CVE-2020-15933
A cleartext storage of sensitive information vulnerability in FortiOS command line interface may allow an authenticated at...
FortiOS
6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
Oct 19, 2020
Risk
IR Number: FG-IR-20-009
CVE-2020-6648
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux may allow local users to...
FortiClientLinux
6.4.0, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Oct 19, 2020
Risk
IR Number: FG-IR-20-110
CVE-2020-15934
The Apache project released an advisory on August 7th 2020, which describes the following vulnerabilities:1) CVE-2020-9490...
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS may allow an authenticated remote attacker to c...
FortiGate may fail to record traffic destined to Fortinet owned IP addresses i.e. traffic destined to the following subnet...
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiOS may allow a rem...
FortiOS
6.4.1, 6.4.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0
Sep 24, 2020
Risk
IR Number: FG-IR-20-082
CVE-2020-12819
Under non-default configuration, a stack-based buffer overflow in FortiGate may allow a remote attacker authenticated to t...
FortiOS
6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0
Sep 24, 2020
Risk
IR Number: FG-IR-20-083
CVE-2020-12820
An improper neutralization of input vulnerability in FortiNAC may allow a remote authenticated attacker to perform a store...