PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

FortiWebManager 5.8.0 improperly handles admin login access

FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string.

Nov 22, 2017 Risk

IR Number: FG-IR-17-248

FortiWeb Stored XSS vulnerability on webUI certificate view page

There exists a persistent Cross-site Scripting (XSS) vulnerability on FortiWeb's webUI Certificate View page, which can be triggered...

Nov 17, 2017 Risk

IR Number: FG-IR-17-131

ROCA: Vulnerable RSA key pairs generation (CVE-2017-15361)

An old Infineon RSA library does not properly generate RSA key pairs, therefore enabling an attacker to potentially infer a private...

Nov 03, 2017 Risk

IR Number: FG-IR-17-249

BlueBorne vulnerabilities and security flaws in Bluetooth stacks

A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively...

Nov 03, 2017 Risk

IR Number: FG-IR-17-212

FortiOS Reflected XSS in Web Proxy Disclaimer Response web page

A reflected XSS vulnerability exists in FortiOS web proxy disclaimer response web pages, potentially exploitable by an unauthenticated...

Nov 03, 2017 Risk

IR Number: FG-IR-17-168

FortiOS SSL Deep-Inspection possible Insecure Renegotiation

FortiOS SSL Deep-Inspection may enable insecure renegotiation between TLS clients and servers that support secure renegotiation,...

Nov 03, 2017 Risk

IR Number: FG-IR-17-137

Refine RESET

PSIRT Advisories

Refine
RESET