PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An improper input validation in FortiAI v1.4.0 may allow an authenticated user to gain system shell access via a malicious...
May 05, 2021 Risk IR Number: FG-IR-21-033

An OS command injection vulnerability in FortiDeceptor may allow a remote authenticated attacker to execute arbitrary comm...
Jan 04, 2021 Risk IR Number: FG-IR-20-177

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux may allow local users to...
Oct 19, 2020 Risk IR Number: FG-IR-20-110

The Apache project released an advisory on August 7th 2020, which describes the following vulnerabilities: 1) CVE-2020-9490...
Oct 05, 2020 Risk IR Number: FG-IR-20-128

Makers of popular WiFi hacking tool hashcat have discovered a way to improve password brute-forcing of the WPA/WPA2 wifi n...
Jan 27, 2020 Risk IR Number: FG-IR-18-199

Two improper access control vulnerabilities in FortiMail admin webUI may allow administrators to perform privileged functi...
Jan 03, 2020 Risk IR Number: FG-IR-19-237

CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCP_SKB_CB(skb)->tcp_gso_segs...
Nov 29, 2019 Risk IR Number: FG-IR-19-180

A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for l...
Nov 26, 2019 Risk IR Number: FG-IR-18-388

A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS...
Nov 26, 2019 Risk IR Number: FG-IR-18-384

Some models of FortiAnalyzer and FortiManager have a default setting of "Failover" for remote IPMI access; this means tha...
Sep 17, 2019 Risk IR Number: FG-IR-17-195

An Improper Authorization vulnerability in the SSL VPN web portal may allow an unauthenticated attacker to change the pass...
Aug 30, 2019 Risk IR Number: FG-IR-18-389

11 zero-day vulnerabilities (aka. URGENT/11) were disclosed in VxWorks® TCP/IP stack (IPnet): CVE-2019-12255 - TCP Urgent P...
Aug 26, 2019 Risk IR Number: FG-IR-19-222

A Use of Hard-coded Credentials vulnerability in FortiRecorder may allow an unauthenticated attacker with knowledge of th...
Aug 12, 2019 Risk IR Number: FG-IR-19-185

Multiple Fortinet products may be affected by the following Linux Kernel vulnerability: CVE-2016-10229 Linux Kernel ipv4/ud...
Jul 24, 2019 Risk IR Number: FG-IR-17-118

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing sett...
Apr 04, 2019 Risk IR Number: FG-IR-18-230