PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS may allow an unauthenticated attacke...

FortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Dec 07, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-21-192 CVE-2021-41030
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS and an improper certifica...

FortiClientWindows 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0 FortiClientMac 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1 FortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0 FortiClientLinux 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Dec 07, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-21-075 CVE-2021-41028
A missing encryption of sensitive data vulnerability [CWE-311] in FortiClientEMS may allow an authenticated attacker to vi...

FortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0
Dec 07, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-21-140 CVE-2021-36189
An unsafe search path vulnerability  in FortiClient and FortiClient EMS may allow an attacker to perform a DLL Hijack atta...

FortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0 FortiClientEMS 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Nov 29, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-21-088 CVE-2021-32592
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS may allow a remote authenticated attacker to ...

FortiClientEMS 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Nov 02, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-20-067 CVE-2020-15940
A path traversal vulnerability [CWE-22] in FortiClientEMS may allow an authenticated attacker to inject directory traversa...

FortiClientEMS 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Oct 05, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-20-074 CVE-2020-15941
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS may allow an attacker to reuse the unexpired...

FortiClientEMS
Oct 05, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-20-072 CVE-2021-24019
Multiple padding Oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation ...

FortiClientEMS 6.4.4, 6.4.3, 6.4.2, 6.2.8, 6.2.7
Feb 25, 2020 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-19-145 CVE-2019-5592
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute un...

FortiClientEMS 6.2.0
Sep 23, 2019 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-19-072 CVE-2019-16149
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birt...

FortiCache 4.2.8, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0, 3.1.1, 3.1.0, 3.0.8, 3.0.7, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 2.3.7, 2.3.6, 2.3.5, 2.3.4, 2.3.3, 2.3.2, 2.3.1, 2.3.0, 2.2.4, 2.2.3, 2.2.2, 2.2.1, 2.2.0, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.0.1, 2.0.0, 1.0.0, 0.4.10 FortiClientEMS 1.2.1, 1.0.2, 1.0.1, 1.0.0 FortiManager 6.0.2, 5.6.5 FortiAnalyzer 6.0.2, 5.6.5 FortiOS 5.4.1, 5.4.0, 5.2.9, 5.0.14 FortiSwitch 6.0.1, 3.6.7 FortiPortal 5.0.0
Feb 07, 2019 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-17-173 CVE-2016-2183