PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Failure to sanitize the error or message handling parameters in the SSL VPN web portal may allow an attacker to perform a ...
Nov 26, 2019 Risk IR Number: FG-IR-18-383

A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for l...
Nov 26, 2019 Risk IR Number: FG-IR-18-388

A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS...
Nov 26, 2019 Risk IR Number: FG-IR-18-384

An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may a...
Nov 25, 2019 Risk IR Number: FG-IR-19-184

A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restori...
Nov 14, 2019 Risk IR Number: FG-IR-17-053

VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before...
Nov 14, 2019 Risk IR Number: FG-IR-19-017

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plain text private key...
Nov 14, 2019 Risk IR Number: FG-IR-19-134

Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an una...
Nov 14, 2019 Risk IR Number: FG-IR-19-099

An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS may allow an unauthenticated remote attacker t...
Nov 08, 2019 Risk IR Number: FG-IR-19-236

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sen...
Nov 08, 2019 Risk IR Number: FG-IR-19-227

An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbi...
Nov 01, 2019 Risk IR Number: FG-IR-19-273

An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root proce...
Oct 29, 2019 Risk IR Number: FG-IR-19-210

FortiClient for Windows could be subject to the following shut down or tampering attempts: a) User Interface or Command Lin...
Oct 18, 2019 Risk IR Number: FG-IR-19-148

Multiple information exposure vulnerabilities in FortiOS may allow an unauthenticated attacker to perform some information...
Oct 18, 2019 Risk IR Number: FG-IR-19-043

An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated ...
Oct 08, 2019 Risk IR Number: FG-IR-19-100