PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS may allow the connection to a ...

FortiOS 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 7.0.0., 7.0.1
Nov 02, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-21-074 CVE-2021-41019
Fortigate's read-only admins are able to point a LDAP server connectivity test request to a rogue LDAP server instead of t...

FortiADC 6.1.0, 6.0.2, 6.0.1, 6.0.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0 FortiOS 6.0.2, 6.0.1, 6.0.0, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0
Jun 01, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-18-157 CVE-2018-13374
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate on port 80/443, it is not redirected to t...

FortiOS 6.2.4
Jan 21, 2021 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-20-172 CVE-2020-15938
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnal...

FortiAnalyzer 6.0, 6.2 FortiManager 6.0, 6.2 FortiOS 6.0, 6.2
Jun 30, 2020 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-19-007 CVE-2019-6693
FortiGate models which do not contain and embedded TRNG may suffer from insufficient entropy ("seed") in the CTR DRBG rand...

FortiOS 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.0.5, 5.0.4, 5.0.3
Feb 13, 2020 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-19-186 CVE-2019-15703
A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted H...

FortiOS 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0
Jan 03, 2020 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-19-002 CVE-2018-13384
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may a...

FortiOS 6.2.1, 6.2.0
Nov 25, 2019 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-19-184 CVE-2019-6697
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restori...

FortiOS 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0 FortiADC 5.2.2, 5.1.4
Nov 14, 2019 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-17-053 CVE-2017-17544
The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers i...

FortiOS 5.6.2, 5.6.1, 5.6.0, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0
Jan 22, 2018 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-17-262 CVE-2017-14190
FortiOS is subject to a Cross-Site Scripting vulnerability,  due to an improperly sanitized parameter in a hidden CLI conf...

FortiOS 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0
May 17, 2017 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-17-057 CVE-2017-3128
An XSS vulnerability caused by the scrintf parameter input during Firewall Policy Creation can be exploited to load and ru...

FortiOS 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.10, 5.2.1, 5.2.0
Apr 19, 2017 Risk light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo IR Number: FG-IR-17-017 CVE-2017-3127