PSIRT Advisories
The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.
Some models of FortiAnalyzer and FortiManager have a default setting of "Failover", for remote IPMI access; this means that if...
A Cross-site Scripting (XSS) vulnerability in FortiOS SSL-VPN web portal may allow a remote user to inject arbitrary web code...
FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string.
There exists a persistent Cross-site Scripting (XSS) vulnerability on FortiWeb's webUI Certificate View page, which can be triggered...
An old Infineon RSA library does not properly generate RSA key pairs, therefore enabling an attacker to potentially infer a private...
A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively...
A reflected XSS vulnerability exists in FortiOS web proxy disclaimer response web pages, potentially exploitable by an unauthenticated...
FortiOS SSL Deep-Inspection may enable insecure renegotiation between TLS clients and servers that support secure renegotiation,...