Refine
RESET


Filter by Date:
All
Filter by Risk Level:
All

PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Ripple20 - Critical Vulnerabilities in low-level TCP/IP software library developed by Treck
On June 16, 2020, cybersecurity researchers from JSOF published a set of 19 vulnerabilities, dubbed Ripple20 that are impacting...
Jul 30, 2020 Risk IR Number: FG-IR-20-104
Authentication bypass in FortiMail and FortiVoiceEnterprise
An improper authentication vulnerability in FortiMail and FortiVoiceEnterprise may allow a remote unauthenticated attacker to...
Apr 27, 2020 Risk IR Number: FG-IR-20-045
Improper check for certificate revocation vulnerability
Certificates taken out of service could potentially be improperly re-used. Impact detailFortinet has already taken steps to mitigate...
Jul 19, 2019 Risk IR Number: FG-IR-19-144
Use of hardcoded credentials for communication between Meru access points and FortiWLC
FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had read/write...
May 04, 2018 Risk IR Number: FG-IR-17-274
FortiWebManager 5.8.0 improperly handles admin login access
FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string.
Nov 22, 2017 Risk IR Number: FG-IR-17-248
Apache Struts RCE Vulnerability
Multiple Remote Code Execution vulnerabilities (CVE-2017-9805, CVE-2017-9804, CVE-2017-9793) are affecting Apache Struts.
Sep 29, 2017 Risk IR Number: FG-IR-17-205
FortiWLM upgrade user account hard-coded credentials
FortiWLM has a hard-coded password for its "upgrade" user account, which it uses to transfer files to and from the FortiWLC controller....
Jun 30, 2017 Risk IR Number: FG-IR-17-115
FortiPortal Multiple Vulnerabilities
Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows:CVE-2017-7337: Improper Access...
May 15, 2017 Risk IR Number: FG-IR-17-114
FortiWLC Undocumented Hardcoded core Account
FortiWLC comes with a hardcoded account named 'core' which is used by Meru Access Points to send core dumps to the FortiWLC and...
Nov 09, 2016 Risk IR Number: FG-IR-16-065
FortiWLC Undocumented Hardcoded Rsync Account
FortiWLC runs a rsyncd server, historically used for High-Availability purpose. This server comes with a hardcoded account, which...
Sep 30, 2016 Risk IR Number: FG-IR-16-029
Multiple Products SSH Undocumented Login Vulnerability
An undocumented account used for communication with authorized FortiManager devices exists on some versions of FortiOS, FortiAnalyzer,...
Jan 12, 2016 Risk IR Number: FG-IR-16-001
ZebOS routing remote shell service enabled
A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availability")...
Jul 24, 2015 Risk IR Number: FG-IR-15-020
FortiADC-E remote network access vulnerability
Oct 21, 2014 Risk IR Number: FG-IR-14-032
Remote Exploit Vulnerability in Bash - (Shellshock)
Sep 25, 2014 Risk IR Number: FG-IR-14-030
Information Disclosure Vulnerability in OpenSSL (Heartbleed)
An information disclosure vulnerability has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This vulnerability may allow...
Apr 08, 2014 Risk IR Number: FG-IR-14-011