- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 24 FortiSandbox
- 8 FortiOS
- 8 FortiNAC
- 6 FortiManager
- 5 FortiWeb
- 5 FortiAnalyzer
- 5 FortiWAN
- 5 FortiDB
- 4 FortiMail
- 4 FortiADC
- 4 FortiAuthenticator
- 4 FortiDDoS
- 3 FortiClientWindows
- 3 FortiAP
- 3 FortiClientMac
- 3 FortiVoiceEnterprise
- 3 AscenLink
- 3 FortiCache
- 2 FortiClientEMS
- 2 FortiSwitch
- 2 FortiRecorder
- 2 FortiTester
- 2 FortiClientAndroid
- 2 FortiClientiOS
- 2 FortiTokenIOS
- 2 SSL_VPN
- 1 FortiPortal
- 1 FortiWLC
- 1 FortiAP-W2
- 1 FortiWLM
- 1 FortiDeceptor
- 1 FortiTokenAndroid
- 1 FSSO Windows CA
- 1 FortiWAN-Manager
- 1 FortiWebManager
- 1 Meru Controller
- 1 FSSO (all dist.)
- 1 FortiExplorer Windows
- 1 FortiGuard
- 1 FortiVoice
- 0 FortiProxy
- 0 FortiSIEM
- 0 FortiAP-S
- 0 FortiSOAR
- 0 FortiAP-U
- 0 FortiClientLinux
- 0 FortiEDR
- 0 Meru AP
- 0 FortiADCManager
- 0 FortiDDoS-F
- 0 FortiIsolator
- 0 FortiNDR
- 0 FortiAP-C
- 0 FortiDDoS-CM
- 0 FortiExtender
- 0 FortiSIEMWindowsAgent
- 0 FortiAnalyzer-BigData
- 0 AV Engine
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiFone
- 0 FortiOS-6K7K
- 0 FortiSDNConnector
- 0 FortiSwitchManager
- 0 FortiTokenMobileWP
December
(1)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An insufficient logging [CWE-778] vulnerability in FortiSandbox and FortiDeceptor may allow a remote attacker to repeatedl...
FortiSandbox
4.0.2, 4.0.1, 4.0.0, 3.2.3, 3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0
FortiDeceptor
4.2.0, 4.1.1, 4.1.0, 4.0.2, 4.0.1, 4.0.0, 3.3.3, 3.3.2, 3.3.1, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0
Dec 06, 2022
Severity
Low
IR Number: FG-IR-21-170
CVE-2022-30305
An empty password in configuration file vulnerability [CWE-258] in FortiNAC may allow an authenticated attacker to access ...
FortiNAC
9.2.3, 9.2.2, 9.2.1, 9.2.0, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.0, 8.5.4, 8.5.2, 8.5.1, 8.5.0, 8.3.7
Jul 05, 2022
Severity
High
IR Number: FG-IR-22-058
CVE-2022-26117
An improper certificate validation vulnerability [CWE-295] in FortiOS, FortiAnalyzer, FortiManager, and FortiSandbox may a...
FortiAnalyzer
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
FortiManager
7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
FortiSandbox
4.0.2, 4.0.1, 4.0.0, 3.2.3, 3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.7, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
FortiOS
5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.2.0, 6.2.1, 6.2.10, 6.2.11, 6.2.12, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9
Jun 07, 2022
Severity
Medium
IR Number: FG-IR-18-292
CVE-2022-22305
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in Fort...
FortiNAC
9.2.2, 9.2.1, 9.2.0, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.0, 8.5.4, 8.5.2, 8.5.1, 8.5.0, 8.3.7
May 03, 2022
Severity
Medium
IR Number: FG-IR-22-062
CVE-2022-26116
An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated ...
A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root via the sudo command.
FortiNAC
9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0
Dec 07, 2021
Severity
High
IR Number: FG-IR-21-182
CVE-2021-41021
An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated ...
FortiNAC
9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0
Dec 07, 2021
Severity
High
IR Number: FG-IR-21-178
CVE-2021-43065
A missing cryptographic steps vulnerability [CWE-325] in the function that encrypts users' LDAP and RADIUS credentials in ...
FortiADC
6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.3, 6.0.2, 6.0.1, 6.0.0
FortiSandbox
3.2.2, 3.2.1, 3.2.0
FortiWeb
6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Dec 07, 2021
Severity
Medium
IR Number: FG-IR-20-222
CVE-2021-32591
A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox may allow an authenticated att...
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox may allow an attacker to reuse the unexpired ad...
An improper input validation vulnerability in the sniffer interface of FortiSandbox may allow an authenticated attacker to...
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authentica...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-198
CVE-2021-26097
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allo...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0
Aug 03, 2021
Severity
Medium
IR Number: FG-IR-20-209
CVE-2021-24014
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox may allow an authenticated attacker ...
FortiSandbox
3.2.2, 3.2.1, 3.2.0
Aug 03, 2021
Severity
Medium
IR Number: FG-IR-20-188
CVE-2021-26096
Improper limitation of a pathname to a restricted directory (CWE-22) vulnerabilities in FortiSandbox may allow an authenti...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-202
CVE-2021-24010