PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

A use of hard-coded password vulnerability in Meru AP may allow a remote authenticated attacker to access the system as ro...
May 05, 2021 Risk IR Number: FG-IR-20-147

A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root by abusing the...
May 05, 2021 Risk IR Number: FG-IR-20-038

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy may allow a remote auth...
May 05, 2021 Risk IR Number: FG-IR-20-226

A clear text storage of sensitive information into log file vulnerability in FortiADCManager and FortiADC may allow a remo...
Apr 06, 2021 Risk IR Number: FG-IR-19-244

A stack-based buffer overflow vulnerability in the HTTPD daemon of FortiProxy may allow an authenticated remote attacker t...
Apr 06, 2021 Risk IR Number: FG-IR-21-007

An information disclosure vulnerability in FortiWeb's Web Vulnerability Scan profile may allow a remote authenticated atta...
Apr 06, 2021 Risk IR Number: FG-IR-20-076

An Improper Neutralization of Input During Web Page Generation in the SSL VPN portal of FortiProxy may allow an unauthenti...
Mar 02, 2021 Risk IR Number: FG-IR-20-230

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiProxy SSL VPN may allow an attacker to retrieve a...
Mar 02, 2021 Risk IR Number: FG-IR-20-224

An improper access control vulnerability in FortiProxy SSL VPN portal may allow an authenticated, remote attacker to acces...
Mar 02, 2021 Risk IR Number: FG-IR-20-235

A cleartext storage of sensitive information vulnerability in FortiProxy command line interface may allow an authenticated...
Mar 02, 2021 Risk IR Number: FG-IR-20-236

An improper neutralization of input vulnerability in FortiGate Cloud may allow a remote authenticated attacker to perform ...
Feb 24, 2021 Risk IR Number: FG-IR-20-193

An improper neutralization of input during web page generation in FortiWeb GUI interface may allow an unauthenticated, rem...
Feb 03, 2021 Risk IR Number: FG-IR-20-122

A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perfo...
Feb 03, 2021 Risk IR Number: FG-IR-20-232

A heap buffer overflow vulnerability in the FortiProxy SSL VPN web portal may cause the SSL VPN web service termination fo...
Feb 03, 2021 Risk IR Number: FG-IR-20-229

An insufficient session expiration vulnerability in FortiIsolator may allow an attacker to reuse the unexpired admin user ...
FortiIsolator 2.0
Jan 21, 2021 Risk IR Number: FG-IR-20-011