- Filter by Date
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
- 2013
- 1 06-2013
- 2012
- Filter by Severity
-
Filter by Affected Product
- All
- 14 FortiOS
- 4 FortiManager
- 4 FortiADC
- 3 FortiSandbox
- 3 FortiAuthenticator
- 3 FortiSIEM
- 3 FortiClientMac
- 2 FortiClientWindows
- 2 FortiPortal
- 2 FortiWAN
- 2 FortiDeceptor
- 1 FortiProxy
- 1 FortiAnalyzer
- 1 FortiMail
- 1 FortiNAC
- 1 FortiSOAR
- 1 FortiRecorder
- 1 FortiVoiceEnterprise
- 1 AscenLink
- 1 FortiAP-U
- 1 FortiDB
- 1 FortiDDoS
- 1 Meru AP
- 1 FortiTokenAndroid
- 1 FortiWAN-Manager
- 0 FortiWeb
- 0 FortiClientEMS
- 0 FortiWLC
- 0 FortiAP
- 0 FortiTester
- 0 FortiAP-W2
- 0 FortiSwitch
- 0 FortiWLM
- 0 FortiAP-S
- 0 FortiClientLinux
- 0 FortiEDR
- 0 FortiCache
- 0 FortiExtender
- 0 FortiADCManager
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiTokenIOS
- 0 FSSO Windows CA
- 0 FortiAP-C
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiDDoS-CM
- 0 FortiSwitchManager
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice
May
(3)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC may increase the chances of an attacker to hav...
May 03, 2023
Severity
Low
IR Number: FG-IR-22-452
CVE-2022-45858
Low
IR Number: FG-IR-22-452
CVE-2022-45858
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC may allow a local attacker with system access ...
FortiNAC
9.4.1, 9.4.0, 9.2.6, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.1, 9.2.0, 9.1.8, 9.1.7, 9.1.6, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0
May 03, 2023
Severity
Low
IR Number: FG-IR-22-456
CVE-2022-45859
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC may allow an unauthenticated att...
May 03, 2023
Severity
Low
IR Number: FG-IR-22-407
CVE-2022-43950
Low
IR Number: FG-IR-22-407
CVE-2022-43950
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC...
FortiADC
7.1.1, 7.1.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Apr 11, 2023
Severity
Low
IR Number: FG-IR-22-439
CVE-2022-43952
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiAuthenticator, FortiDeceptor ...
FortiMail
6.4.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
FortiAuthenticator
6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.2, 6.2.1, 6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.5.0, 5.4.1, 5.4.0, 5.3.1, 5.3.0, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0
FortiDeceptor
3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 2.1.0, 2.0.0, 1.1.0, 1.0.1, 1.0.0
Mar 07, 2023
Severity
Low
IR Number: FG-IR-20-078
CVE-2022-29056
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys (ddns-key or n-m...
Feb 16, 2023
Severity
Low
IR Number: FG-IR-22-080
CVE-2022-29054
Low
IR Number: FG-IR-22-080
CVE-2022-29054
A improper neutralization of input during web page generation ('cross-site scripting') [CWE-79] in FortiOS may allow a pri...
Dec 06, 2022
Severity
Low
IR Number: FG-IR-21-248
CVE-2022-40680
Low
IR Number: FG-IR-21-248
CVE-2022-40680
Improper neutralization of input during web page generation [CWE-79] in FortiSOAR may allow an authenticated attacker to i...
FortiSOAR
7.2.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0
Dec 06, 2022
Severity
Low
IR Number: FG-IR-22-220
CVE-2022-38379
An insufficient logging [CWE-778] vulnerability in FortiSandbox and FortiDeceptor may allow a remote attacker to repeatedl...
FortiDeceptor
4.2.0, 4.1.1, 4.1.0, 4.0.2, 4.0.1, 4.0.0, 3.3.3, 3.3.2, 3.3.1, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0
FortiSandbox
4.0.3, 4.0.2, 4.0.1, 4.0.0, 3.2.4, 3.2.3, 3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0
Dec 06, 2022
Severity
Low
IR Number: FG-IR-21-170
CVE-2022-30305
An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac may allow a l...
FortiClientMac
7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
Nov 01, 2022
Severity
Low
IR Number: FG-IR-22-246
CVE-2022-33878
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS may allow an unauthenticated atta...
FortiOS
7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0
FortiProxy
7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.12, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0
Nov 01, 2022
Severity
Low
IR Number: FG-IR-22-228
CVE-2022-30307
An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN may allow a remot...
FortiOS
7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0
Nov 01, 2022
Severity
Low
IR Number: FG-IR-22-223
CVE-2022-35842
An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI may allow an unauthe...
Oct 10, 2022
Severity
Low
IR Number: FG-IR-22-026
CVE-2022-26121
Low
IR Number: FG-IR-22-026
CVE-2022-26121
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt keytab values in FortiOS & FortiProxy ...
Sep 06, 2022
Severity
Low
IR Number: FG-IR-22-158
CVE-2022-29053
Low
IR Number: FG-IR-22-158
CVE-2022-29053
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb...
Sep 06, 2022
Severity
Low
IR Number: FG-IR-22-140
CVE-2022-29059
Low
IR Number: FG-IR-22-140
CVE-2022-29059