PSIRT Advisories
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to conduct...
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie from...
A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man...
Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiFi chips. CVE-2018-16986: Texas...
FortiSwitch is vulnerable to multiple Cross-site Scripting (XSS) attacks present in the jQuery JavaScript library. CVE-2015-9251: jQuery...
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings...
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox may allow an attacker to execute unauthorized code...
An improper access control vulnerability in FortiClientMac may allow an attacker to affect the application's performance via modifying...
An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server...
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday...
There is a format string vulnerability in the SSH username handling when connecting to FortiOS 5.6.0, that may lead to memory...
There is a Null pointer dereference in the NDIS Miniport drivers in FortiClient on Windows, which may be leveraged by an unprivileged...
A researcher has disclosed several vulnerabilities against FortiClient for Windows, the combination of these vulnerabilities can...
An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive...
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS...