PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An information exposure vulnerability in FortiOS WEB UI may allow an unauthenticated attacker to gain platform information...

FortiOS 6.2.3, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
Jun 01, 2020 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Informational IR Number: FG-IR-18-173 CVE-2018-13367
An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensi...

FortiOS 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 5.6.3, 5.6.2, 5.6.1, 5.4.7, 5.4.6, 5.2.15, 5.2.14, 5.2.13, 5.2.12
Nov 22, 2018 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Informational IR Number: FG-IR-18-325 CVE-2018-13376
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packet...

FortiOS 6.0.1, 6.0.0, 5.6.7, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
Nov 16, 2018 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Informational IR Number: FG-IR-18-101 CVE-2018-13366
The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname ...

FortiOS 6.0.1, 6.0.0, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0
Aug 23, 2018 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Informational IR Number: FG-IR-18-085 CVE-2018-13365
A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via spec...

FortiOS 5.6.2, 5.6.1, 5.6.0, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0
May 18, 2018 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Informational IR Number: FG-IR-17-231 CVE-2017-14185
The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number.

FortiOS 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.11, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0
Aug 11, 2017 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Informational IR Number: FG-IR-17-073 CVE-2017-3130