PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

When traffic other than HTTP/S (e.g., SSH traffic, etc.) traverses the FortiGate on port 80/443, it is not redirected to t...
FortiGate 6.2, 6.4
Jan 21, 2021 Risk IR Number: FG-IR-20-172

During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerabilit...
Dec 01, 2020 Risk IR Number: FG-IR-20-035

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnal...
FortiAnalyzer 6.0, 6.2 FortiManager 6.0, 6.2 FortiOS 6.0, 6.2
Jun 30, 2020 Risk IR Number: FG-IR-19-007

Use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may a...
FortiClient 6.0, 6.2
Jun 01, 2020 Risk IR Number: FG-IR-19-194

An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform c...
Apr 06, 2020 Risk IR Number: FG-IR-20-013

An improper neutralization of input vulnerability in FortiManager GUI may allow an authenticated attacker to perform an XS...
Mar 11, 2020 Risk IR Number: FG-IR-19-271

An improper neutralization of input vulnerability in the FortiADC may allow an attacker to execute a stored Cross Site Scr...
FortiADC 5.3
Mar 09, 2020 Risk IR Number: FG-IR-19-220

FortiGate models which do not contain an embedded TRNG may suffer from insufficient entropy ("seed") in the CTR DRBG rand...
Feb 13, 2020 Risk IR Number: FG-IR-19-186

A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH...
Jan 15, 2020 Risk IR Number: FG-IR-19-296

A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted H...
FortiGate 5.4, 5.6, 6.0
Jan 03, 2020 Risk IR Number: FG-IR-19-002

An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may a...
Nov 25, 2019 Risk IR Number: FG-IR-19-184

A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restori...
Nov 14, 2019 Risk IR Number: FG-IR-17-053

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sen...
Nov 08, 2019 Risk IR Number: FG-IR-19-227

New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious use...
Aug 26, 2019 Risk IR Number: FG-IR-18-002

The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie f...
Apr 23, 2019 Risk IR Number: FG-IR-19-110