- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 12 FortiWLC
- 8 FortiNAC
- 4 FortiManager
- 4 FortiAnalyzer
- 3 FortiOS
- 3 FortiWAN
- 3 FortiAuthenticator
- 2 FortiADC
- 2 FortiPortal
- 2 FortiAP
- 2 FortiDDoS
- 1 FortiWeb
- 1 FortiSandbox
- 1 FortiSIEM
- 1 FortiVoiceEnterprise
- 1 FortiWLM
- 1 FortiDB
- 1 AscenLink
- 1 Meru AP
- 1 FortiADCManager
- 1 FortiCache
- 1 FortiAP-C
- 1 FortiDDoS-CM
- 1 FortiExtender
- 1 FortiWAN-Manager
- 1 FortiWebManager
- 1 Meru Controller
- 0 FortiProxy
- 0 FortiMail
- 0 FortiClientWindows
- 0 FortiClientEMS
- 0 FortiSwitch
- 0 FortiClientMac
- 0 FortiAP-W2
- 0 FortiRecorder
- 0 FortiTester
- 0 FortiAP-S
- 0 FortiSOAR
- 0 FortiAP-U
- 0 FortiDeceptor
- 0 FortiClientLinux
- 0 FortiEDR
- 0 FortiDDoS-F
- 0 FortiIsolator
- 0 FortiNDR
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiSIEMWindowsAgent
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FSSO Windows CA
- 0 FortiAnalyzer-BigData
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiOS-6K7K
- 0 FortiSDNConnector
- 0 FortiSwitchManager
- 0 FortiTokenMobileWP
- 0 FortiVoice
July
(1)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An empty password in configuration file vulnerability [CWE-258] in FortiNAC may allow an authenticated attacker to access ...
FortiNAC
9.2.3, 9.2.2, 9.2.1, 9.2.0, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.0, 8.5.4, 8.5.2, 8.5.1, 8.5.0, 8.3.7
Jul 05, 2022
Severity
High
IR Number: FG-IR-22-058
CVE-2022-26117
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in Fort...
FortiNAC
9.2.2, 9.2.1, 9.2.0, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.0, 8.5.4, 8.5.2, 8.5.1, 8.5.0, 8.3.7
May 03, 2022
Severity
Medium
IR Number: FG-IR-22-062
CVE-2022-26116
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC may allow a local and authenticated attacker to cra...
FortiWLC
8.6.2, 8.6.1, 8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6
Apr 05, 2022
Severity
Medium
IR Number: FG-IR-21-002
CVE-2021-26093
An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated ...
A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root via the sudo command.
FortiNAC
9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0
Dec 07, 2021
Severity
High
IR Number: FG-IR-21-182
CVE-2021-41021
An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated ...
FortiNAC
9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0
Dec 07, 2021
Severity
High
IR Number: FG-IR-21-178
CVE-2021-43065
An improper access control vulnerability [CWE-284] in FortiWLC may allow an authenticated and remote attacker with low pri...
FortiWLC
8.6.1, 8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6, 8.0.5
Dec 07, 2021
Severity
High
IR Number: FG-IR-21-200
CVE-2021-42758
An improper access control (CWE-284) vulnerability in FortiWLC may allow an unauthenticated and remote attacker to access ...
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3
Jun 03, 2021
Severity
Medium
IR Number: FG-IR-20-138
CVE-2021-32584
Multiple instances of stack-based buffer overflow vulnerability (CWE-121) in the command line interface of FortiWLC may al...
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6, 8.0.5
Jun 01, 2021
Severity
Medium
IR Number: FG-IR-21-001
CVE-2021-26094
An improper neutralization of input during web page generation in FortiWLC web interface may allow both authenticated remo...
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3
Jun 01, 2021
Severity
Medium
IR Number: FG-IR-20-137
CVE-2021-26087
A use of hard-coded password vulnerability in Meru AP may allow a remote authenticated attacker to access the system as ro...
FortiWLC
8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.2.7, 8.2.6
Jun 01, 2021
Severity
Medium
IR Number: FG-IR-20-147
CVE-2021-22126
A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root by abusing the...
An improper neutralization of input vulnerability in FortiNAC may allow a remote authenticated attacker to perform a store...
An improper access control vulnerability in the admin SSH console of multiple products may allow an authenticated user to ...
FortiADC
5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiManager
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiAnalyzer
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0
FortiPortal
5.3.2, 5.2.4
FortiDDoS-CM
5.2.0
FortiAP-C
5.4.2
FortiExtender
4.2.0
FortiDDoS
5.2.0
FortiWLC
8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1
FortiADCManager
5.3.0
FortiSIEM
6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0
Jun 26, 2020
Severity
Medium
IR Number: FG-IR-19-292
CVE-2004-1653
An improper neutralization of input vulnerability in FortiWLC may allow a remote authenticated attacker to perform a store...