Refine
RESET


Filter by Date:
All
Filter by Risk Level:
All
Filter by Affected Product:
All

PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiGate fails to block malformed HTTP/S traffic when transparent proxy is enabled
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate on port 80/443, it is not redirected to t...
FortiGate 6.2, 6.4
Jan 21, 2021 Risk IR Number: FG-IR-20-172
Kr00k vulnerability (CVE-2019-15126) in Broadcom and Cypress Wi-Fi chips
During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerabilit...
Dec 01, 2020 Risk IR Number: FG-IR-20-035
Use of a hard-coded cryptographic key to cipher sensitive data in CLI configuration
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnal...
FortiAnalyzer 6.0, 6.2 FortiManager 6.0, 6.2 FortiOS 6.0, 6.2
Jun 30, 2020 Risk IR Number: FG-IR-19-007
FortiClient Use of Hard-coded Cryptographic Key
Use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may a...
FortiClient 6.0, 6.2
Jun 01, 2020 Risk IR Number: FG-IR-19-194
Improper Authorization vulnerability in FortiADC
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform c...
Apr 06, 2020 Risk IR Number: FG-IR-20-013
XSS vulnerability in the FortiManager via the buffer parameter
An improper neutralization of input vulnerability in FortiManager GUI may allow an authenticated attacker to perform an XS...
Mar 11, 2020 Risk IR Number: FG-IR-19-271
Stored XSS vulnerability in traffic group interface
An improper neutralization of input vulnerability in the FortiADC may allow an attacker to execute a stored Cross Site Scr...
FortiADC 5.3
Mar 09, 2020 Risk IR Number: FG-IR-19-220
FortiOS DRBG insufficient entropy
FortiGate models which do not contain and embedded TRNG may suffer from insufficient entropy ("seed") in the CTR DRBG rand...
Feb 13, 2020 Risk IR Number: FG-IR-19-186
FortiSIEM default SSH key for the "tunneluser" account is the same across all appliances
A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH...
Jan 15, 2020 Risk IR Number: FG-IR-19-296
FortiOS SSL VPN web portal Host Header Redirection
A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted H...
FortiGate 5.4, 5.6, 6.0
Jan 03, 2020 Risk IR Number: FG-IR-19-002
XSS vulnerability in FortiGate DHCP monitor page
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may a...
Nov 25, 2019 Risk IR Number: FG-IR-19-184
FortiOS admin privilege escalation via restoring configs
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restori...
Nov 14, 2019 Risk IR Number: FG-IR-17-053
Console window of FortiClient for Mac OS displays password in clear-text.
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker  to read sen...
Nov 08, 2019 Risk IR Number: FG-IR-19-227
Meltdown and Spectre class vulnerabilities
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious use...
Aug 26, 2019 Risk IR Number: FG-IR-18-002
Multiple VPN applications insecurely store session cookies
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie f...
Apr 23, 2019 Risk IR Number: FG-IR-19-110