Filter by Date
- 2022
  - 3 12-2022
  - 4 11-2022
  - 4 10-2022
  - 4 09-2022
  - 2 08-2022
  - 4 07-2022
  - 1 06-2022
  - 4 05-2022
  - 1 04-2022
- 2021
  - 8 12-2021
  - 2 11-2021
  - 4 09-2021
  - 1 08-2021
  - 4 06-2021
  - 2 01-2021
- 2020
  - 1 12-2020
  - 2 10-2020
  - 3 09-2020
  - 1 07-2020
  - 2 06-2020
  - 1 05-2020
  - 3 02-2020
  - 3 01-2020
- 2019
  - 1 12-2019
  - 8 11-2019
  - 1 10-2019
  - 2 08-2019
  - 3 07-2019
  - 1 06-2019
  - 3 05-2019
  - 2 04-2019
  - 1 02-2019
  - 1 01-2019
- 2018
  - 2 11-2018
  - 1 08-2018
  - 1 07-2018
  - 1 06-2018
  - 3 05-2018
  - 1 04-2018
  - 1 01-2018
- 2017
  - 1 12-2017
  - 2 11-2017
  - 3 10-2017
  - 1 08-2017
  - 2 07-2017
  - 1 06-2017
  - 1 05-2017
  - 6 04-2017
- 2016
  - 1 12-2016
  - 1 11-2016
Filter by Severity
- 2 Critical
- 20 High
- 69 Medium
- 18 Low
- 7 Informational
Filter by Affected Product
- All
- 114 FortiOS
- 22 FortiProxy
- 17 FortiManager
- 16 FortiAnalyzer
- 12 FortiMail
- 12 FortiADC
- 10 FortiWeb
- 10 FortiSwitch
- 9 FortiWAN
- 8 FortiSandbox
- 8 FortiAP
- 8 FortiVoiceEnterprise
- 7 FortiAuthenticator
- 7 FortiDDoS
- 7 FortiRecorder
- 5 FortiClientWindows
- 5 FortiAP-W2
- 5 FortiDB
- 4 FortiPortal
- 4 FortiClientEMS
- 4 FortiClientMac
- 4 FortiTester
- 4 FortiAP-S
- 4 AscenLink
- 4 FortiCache
- 4 FortiDDoS-F
- 3 FortiSIEM
- 3 FortiWLC
- 3 Meru AP
- 3 FortiNDR
- 3 FortiClientAndroid
- 3 FortiClientiOS
- 2 FortiADCManager
- 2 FortiTokenIOS
- 2 FortiWAN-Manager
- 2 Meru Controller
- 2 SSL_VPN
- 1 FortiWLM
- 1 FortiAP-U
- 1 FortiDeceptor
- 1 FortiIsolator
- 1 FortiAP-C
- 1 FortiDDoS-CM
- 1 FortiTokenAndroid
- 1 FSSO Windows CA
- 1 FortiWebManager
- 1 AV Engine
- 1 FSSO (all dist.)
- 1 FortiExplorer Windows
- 1 FortiGuard
- 1 FortiOS-6K7K
- 1 FortiSwitchManager
- 1 FortiVoice
- 0 FortiNAC
- 0 FortiSOAR
- 0 FortiClientLinux
- 0 FortiEDR
- 0 FortiExtender
- 0 FortiSIEMWindowsAgent
- 0 FortiAnalyzer-BigData
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiFone
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2023: Jan
2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiOS - heap-based buffer overflow in sslvpnd

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to exe...

FortiProxy 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0 FortiOS 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.11, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0

Dec 12, 2022 Severity black-background-circle-icon

Critical IR Number: FG-IR-22-398 CVE-2022-42475

FortiOS & FortiProxy - SSH authentication bypass when RADIUS authentication is used

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component may allow a ...

FortiOS 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0 FortiProxy 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0

Dec 06, 2022 Severity black-background-circle-icon

High IR Number: FG-IR-22-255 CVE-2022-35843

FortiOS - Stored cross-site scripting in replacement messages visualization

A improper neutralization of input during web page generation ('cross-site scripting') [CWE-79] in FortiOS may allow a pri...

FortiProxy 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0 FortiOS 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.7, 6.0.8, 6.0.9, 6.2.10, 6.2.11, 6.2.12, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 7.0.0, 7.0.1, 7.0.2, 7.0.3

Dec 06, 2022 Severity black-background-circle-icon

Low IR Number: FG-IR-21-248 CVE-2022-40680

AV Engine - evasion by manipulating MIME attachment

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines...

AV Engine 6.33, 6.253, 6.252, 6.243, 6.157, 6.156, 6.145, 6.144, 6.142, 6.137, 4.4.54, 2.0.60, 2.0.49, 0.4.23 FortiMail 7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0 FortiOS 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.2.0, 6.2.1, 6.2.10, 6.2.11, 6.2.12, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.4.0, 6.4.1, 6.4.10, 6.4.11, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.2.0

Nov 01, 2022 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-074 CVE-2022-26122

FortiOS - RSA SSH host key lost at shutdown

A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS may allow an unauthenticated atta...

FortiOS 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0 FortiProxy 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0

Nov 01, 2022 Severity black-background-circle-icon

Low IR Number: FG-IR-22-228 CVE-2022-30307

FortiOS -- Read-Only users able to modify the Interface fields using the API

An improper access control [CWE-284] vulnerability in FortiOS may allow a remote authenticated read-only user to modify th...

FortiOS 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.11, 6.4.10, 6.4.1, 6.4.0

Nov 01, 2022 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-174 CVE-2022-38380

FortiOS -- Telnet on the SSL-VPN interface results in information leak

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN may allow a remot...

FortiOS 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0

Nov 01, 2022 Severity black-background-circle-icon

Low IR Number: FG-IR-22-223 CVE-2022-35842

OpenSSL3 CVE-2022-3602 CVE-2022-3786 vulnerabilities

CVE-2022-3602: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint check...

FortiOS 7.2.2, 7.2.1

Oct 28, 2022 Severity black-background-circle-icon

High IR Number: FG-IR-22-419

FortiOS - Privilege escalation via switch-control CLI command

An improper neutralization of special elements used in an os command [CWE-78] vulnerability in FortiOS may allow an authen...

FortiOS 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0

Oct 10, 2022 Severity black-background-circle-icon

High IR Number: FG-IR-21-242 CVE-2021-44171

FortiOS / FortiProxy - Access to NULL pointer in SSL VPN portal

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of FortiOS & FortiProxy may allow a remot...

FortiOS 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.2.0, 6.2.1, 6.2.10, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.2.0 FortiProxy 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.13, 1.2.12, 1.2.11, 1.2.10

Oct 10, 2022 Severity black-background-circle-icon

High IR Number: FG-IR-22-086 CVE-2022-29055

FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface

An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitch...

FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 FortiSwitchManager 7.2.0, 7.0.0

Oct 10, 2022 Severity black-background-circle-icon

Critical IR Number: FG-IR-22-377 CVE-2022-40684

FortiADC -- Read-Only user able to modify system files

An improper privilege management vulnerability [CWE-269] in FortiADC may allow a remote authenticated attacker with restri...

FortiDDoS-F 6.3.0 FortiADC 6.2.1, 6.2.0, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0

Sep 06, 2022 Severity black-background-circle-icon

Medium IR Number: FG-IR-21-215 CVE-2021-43076

FortiOS - Flaws over keytab encryption scheme

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt keytab values in FortiOS may allow an ...

FortiOS 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.2.0, 6.2.1, 6.2.10, 6.2.11, 6.2.12, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.4.0, 6.4.1, 6.4.10, 6.4.11, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.2.0

Sep 06, 2022 Severity black-background-circle-icon

Low IR Number: FG-IR-22-158 CVE-2022-29053

FortiOS - TCP Middlebox Reflection

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiOS may allow a remote and un...

Sep 06, 2022 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-073 CVE-2022-27491

FortiOS -- XSS vulnerability observed in External Connectors Of Security Fabric

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS may allow an authenticate...

FortiOS 7.2.0, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0 FortiProxy 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0

Sep 06, 2022 Severity black-background-circle-icon

Medium IR Number: FG-IR-21-222 CVE-2021-43080

Network

Files and Endpoint

Application

Additional SOC Services

Refine
RESET

PSIRT Advisories

Monthly PSIRT Advisories

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

Refine RESET

PSIRT Advisories

Monthly PSIRT Advisories

Refine
RESET