Filter by Date
- 2020
  - 1 09-2020
  - 1 06-2020
- 2019
  - 1 07-2019
- 2018
  - 2 11-2018
  - 2 08-2018
  - 1 05-2018
- 2017
  - 2 08-2017
- 2015
  - 1 07-2015
Filter by Severity
- 0 Critical
- 0 High
- 0 Medium
- 0 Low
- 11 Informational
Filter by Affected Product
- All
- 6 FortiOS
- 1 FortiManager

Filter by Date:
switch-on-logo

All

2020

September (1)

June (1)

2019

July (1)

2018

November (2)

August (2)

May (1)

2017

August (2)

2015

July (1)

Filter by Severity Level:
switch-off-logo

All

Filter by Affected Product:
switch-on-logo

All

FortiOS (6)

FortiManager (1)

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2022: May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiGate fails to log traffic for Fortinet owned IP address range

FortiGate may fail to record traffic destined to Fortinet owned IP addresses i.e. traffic destined to the following subnet...

Sep 24, 2020 Severity light-circle-logo

Informational IR Number: FG-IR-20-033 CVE-2020-12818 (disputed)

FortiOS reveals platform information without authentication

An information exposure vulnerability in FortiOS WEB UI may allow an unauthenticated attacker to gain platform information...

FortiOS 6.2.3, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0

Jun 01, 2020 Severity light-circle-logo

Informational IR Number: FG-IR-18-173 CVE-2018-13367

FortiOS TCP timestamp response

FortiOS by default enables TCP timestamp response, which may lead to information disclosure.The TCP timestamp response can...

Jul 24, 2019 Severity light-circle-logo

Informational IR Number: FG-IR-16-090

Uninitialized memory buffer leak in FortiOS explicit web proxy

An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensi...

FortiOS 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 5.6.3, 5.6.2, 5.6.1, 5.4.7, 5.4.6, 5.2.15, 5.2.14, 5.2.13, 5.2.12

Nov 22, 2018 Severity light-circle-logo

Informational IR Number: FG-IR-18-325 CVE-2018-13376

Serial number disclosure in the FortiOS PPTP server hostname protocol field

Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packet...

FortiOS 6.0.1, 6.0.0, 5.6.7, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0

Nov 16, 2018 Severity light-circle-logo

Informational IR Number: FG-IR-18-101 CVE-2018-13366

FortiManager allows unauthorized viewing of vdoms settings by any adom standard users

A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom.

FortiManager 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0

Aug 27, 2018 Severity light-circle-logo

Informational IR Number: FG-IR-18-016 CVE-2018-1353

Application control block page leaks private IP and hostname

The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname ...

FortiOS 6.0.1, 6.0.0, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0

Aug 23, 2018 Severity light-circle-logo

Informational IR Number: FG-IR-18-085 CVE-2018-13365

Firewall information leak to regular SSL VPN web portal users

A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via spec...

FortiOS 5.6.2, 5.6.1, 5.6.0, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0

May 18, 2018 Severity light-circle-logo

Informational IR Number: FG-IR-17-231 CVE-2017-14185

FortiOS IKE VendorID version information disclosure

The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number.

FortiOS 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.11, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0

Aug 11, 2017 Severity light-circle-logo

Informational IR Number: FG-IR-17-073 CVE-2017-3130

FortiWeb SNMPv3 user password viewable in HTML source code

The HTML source code of the FortiWeb SNMPv3 user edit webui page includes the user's password in cleartext.

Aug 11, 2017 Severity light-circle-logo

Informational IR Number: FG-IR-17-162 CVE-2017-7737

"POODLE has friends" vulnerability

The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message. An atta...

Jul 15, 2015 Severity light-circle-logo

Informational IR Number: FG-IR-15-016

Network

Content and Endpoint

Application

Response

FortiNDR

FortiSandbox

FortiTester

Refine
RESET

PSIRT Advisories

Monthly PSIRT Advisories

News / Research

Network

Content and Endpoint

Application

Response

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer/FortiSIEM

FortiCWP

FortiWeb

FortiNDR

FortiSandbox

FortiTester

Threat Lookup

PSIRT

Resources

Refine RESET

PSIRT Advisories

Monthly PSIRT Advisories

Refine
RESET