PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An empty password in configuration file vulnerability [CWE-258] in FortiNAC may allow an authenticated attacker to access ...

FortiNAC 9.2.3, 9.2.2, 9.2.1, 9.2.0, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.0, 8.5.4, 8.5.2, 8.5.1, 8.5.0, 8.3.7
Jul 05, 2022 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-22-058 CVE-2022-26117
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in Fort...

FortiNAC 9.2.2, 9.2.1, 9.2.0, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.0, 8.5.4, 8.5.2, 8.5.1, 8.5.0, 8.3.7
May 03, 2022 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-22-062 CVE-2022-26116
An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated ...

FortiNAC
Dec 07, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-21-178 CVE-2021-43065
A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root via the sudo command.

FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0
Dec 07, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-21-182 CVE-2021-41021
An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated ...

FortiNAC 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0
Dec 07, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-21-178 CVE-2021-43065
A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root by abusing the...

FortiNAC 8.7.1
May 05, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-20-038 CVE-2021-24011
An improper neutralization of input vulnerability in FortiNAC may allow a remote authenticated attacker to perform a store...

FortiNAC 8.6.2
Sep 23, 2020 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-20-002 CVE-2020-12816
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in FortiNAC admin webUI may allow an ...

FortiNAC 8.5.0
Jul 16, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-19-140 CVE-2019-5594