PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT issue with Fortinet, please see our PSIRT Policy.

An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow a remote authenticated attacker...

Jan 04, 2021 Risk IR Number: FG-IR-20-103
A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL...

Jan 04, 2021 Risk IR Number: FG-IR-20-124
A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated, remote attacker to overwrite the content...

Jan 04, 2021 Risk IR Number: FG-IR-20-125
A stack-based buffer overflow vulnerability in FortiWeb may allow a remote, unauthenticated attacker to crash the httpd daemon...

Jan 04, 2021 Risk IR Number: FG-IR-20-126
A format string vulnerability in FortiWeb may allow an authenticated, remote attacker to read the content of memory and retrieve...

Jan 04, 2021 Risk IR Number: FG-IR-20-123
FortiClient and FortiOS AV engines may not immediately detect certain types of malformed or non-standard RAR archives, potentially...

Dec 01, 2020 Risk IR Number: FG-IR-20-037
An improper neutralization of input vulnerability in FortiGate may allow a remote attacker to perform a stored cross-site...

FortiOS 6.2, 6.4
Dec 01, 2020 Risk IR Number: FG-IR-20-068
A cleartext storage of sensitive information in GUI in FortiADC may allow a remote authenticated attacker to retrieve some sensitive...

Nov 03, 2020 Risk IR Number: FG-IR-20-044
An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker...

Nov 03, 2020 Risk IR Number: FG-IR-20-105
A cleartext storage of sensitive information vulnerability in FortiOS command line interface may allow an authenticated attacker...

Oct 19, 2020 Risk IR Number: FG-IR-20-009
A stack-based buffer overflow vulnerability in the HTTPD daemon of FortiOS may allow an authenticated remote attacker to crash...

Oct 01, 2020 Risk IR Number: FG-IR-19-248
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiOS may allow a remote...

Sep 24, 2020 Risk IR Number: FG-IR-20-082
Under non-default configuration, a stack-based buffer overflow in FortiGate may allow a remote attacker authenticated to the SSL...

Sep 24, 2020 Risk IR Number: FG-IR-20-083
An improper neutralization of input vulnerability in FortiNAC may allow a remote authenticated attacker to perform a stored cross...

Sep 23, 2020 Risk IR Number: FG-IR-20-002
An improper neutralization of input vulnerability in FortiAnalyzer and FortiTester may allow a remote authenticated attacker to...

Sep 21, 2020 Risk IR Number: FG-IR-20-054