PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute un...

Sep 23, 2019 Risk IR Number: FG-IR-19-072
Some models of FortiAnalyzer and FortiManager have a default setting of "Failover", for remote IPMI access; this means tha...

Sep 17, 2019 Risk IR Number: FG-IR-17-195
Improper implementations of the HTTP/2 protocol can lead to a variety of denial-of-service (DoS) attacks. The related CVEs are...

Sep 03, 2019 Risk IR Number: FG-IR-19-225
An Improper Authorization vulnerability in the SSL VPN web portal may allow an unauthenticated attacker to change the pass...

Aug 30, 2019 Risk IR Number: FG-IR-18-389
11 zero day vulnerabilities (aka. URGENT/11) were disclosed in VxWorks® TCP/IP stack (IPnet): CVE-2019-12255 - TCP Urgent P...

Aug 26, 2019 Risk IR Number: FG-IR-19-222
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious use...

Aug 26, 2019 Risk IR Number: FG-IR-18-002
Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS...

Aug 21, 2019 Risk IR Number: FG-IR-19-034
A Use of Hard-coded Credentials vulnerability in FortiRecorder may allow an unauthenticated attacker with knowledge of th...

Aug 12, 2019 Risk IR Number: FG-IR-19-185
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sen...

Jul 26, 2019 Risk IR Number: FG-IR-19-037
FortiOS Explicit Web Proxy by default allows non-standard HTTP traffic. FortiOS SSL/SSH Inspection Profile by default allo...

Jul 24, 2019 Risk IR Number: FG-IR-19-111
Multiple Fortinet products may be affected by the following Linux Kernel vulnerability: CVE-2016-10229 Linux Kernel ipv4/ud...

Jul 24, 2019 Risk IR Number: FG-IR-17-118
FortiOS by default enables TCP timestamp response, which may lead to information disclosure. The TCP timestamp response can...

Jul 24, 2019 Risk IR Number: FG-IR-16-090
Certificates taken out of service could potentially be improperly re-used. Impact detail: Fortinet has already taken steps t...

Jul 19, 2019 Risk IR Number: FG-IR-19-144
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in FortiNAC admin webUI may allow an ...

Jul 16, 2019 Risk IR Number: FG-IR-19-140
The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized...

Jun 12, 2019 Risk IR Number: FG-IR-19-070