Filter by Date
- 2020
  - 10 March
  - 7 February
  - 10 January
- 2019
  - 1 December
  - 13 November
  - 4 October
  - 3 September
  - 6 August
  - 6 July
  - 2 June
  - 3 May
  - 7 April
  - 1 March
  - 1 February
  - 2 January
- 2018
  - 1 December
  - 5 November
  - 8 August
  - 2 July
  - 5 June
  - 5 May
  - 3 April
  - 1 March
  - 2 January
- 2017
  - 3 December
  - 6 November
  - 8 October
  - 1 September
  - 2 August
  - 2 July
  - 2 June
  - 2 May
  - 12 April
  - 2 February
- 2016
  - 1 December
  - 5 November
  - 1 October
  - 6 September
  - 6 August
  - 3 July
  - 1 June
  - 2 May
  - 1 April
  - 2 March
  - 1 February
  - 1 January
- 2015
  - 2 December
  - 2 September
  - 6 July
  - 1 June
  - 2 May
  - 3 April
  - 2 March
  - 5 February
  - 1 January
- 2014
  - 1 December
  - 3 October
  - 1 September
  - 1 August
  - 1 July
  - 1 June
  - 1 May
  - 3 April
  - 3 February
  - 1 January
- 2013
  - 1 December
  - 1 November
  - 1 July
  - 1 June
  - 1 May
  - 1 January
- 2012
  - 2 December
  - 2 October
  - 1 September
  - 1 August
  - 1 May
  - 1 February
Filter by Risk
- 15
- 35
- 113
- 59
- 10
Filter by Affected Product
- All

Refine Search

PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

FortiAP-S/W2 system files overwrite through tcpdump CLI command

An improper input validation (CWE-20) vulnerability in FortiAP-S/W2 CLI admin console may allow unauthorized administrators to...

FortiAP 5.6, 6.0, 6.2

Feb 10, 2020 Risk

IR Number: FG-IR-19-298

Slow HTTP DoS Attacks Mitigation

An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause web service portal denial...

FortiAnalyzer 5.6, 6.0, 6.2 FortiAP 6.0, 6.2 FortiManager 5.6, 6.0, 6.2 FortiOS 6.0, 6.2 FortiSwitch 6.0, 6.2

Feb 03, 2020 Risk

IR Number: FG-IR-19-013

FortiOS SSL VPN user credential plaintext storage

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in...

FortiGate 5.4, 5.6, 6.0, 6.2

Jan 27, 2020 Risk

IR Number: FG-IR-19-217

Privilege escalation and DoS in FortiClient for Linux through local IPC socket

A privilege escalation vulnerability in FortiClient for Linux may allow a user with low privilege to run root system commands,...

Jan 27, 2020 Risk

IR Number: FG-IR-19-238

PMKID attack on WPA/WPA2 WiFi networks

Makers of popular WiFi hacking tool hashcat have discovered a way to improve password brute-forcing of the WPA/WPA2 wifi network...

Jan 27, 2020 Risk

IR Number: FG-IR-18-199

FortiSIEM - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in...

Jan 27, 2020 Risk

IR Number: FG-IR-19-197

FortiSIEM default SSH key for the "tunneluser" account is the same across all appliances

A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access...

Jan 15, 2020 Risk

IR Number: FG-IR-19-296

FortiSIEM Database hard-coded Credentials

A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database via...

FortiSIEM 5.0, 5.1, 5.2

Jan 13, 2020 Risk

IR Number: FG-IR-19-195

XSS vulnerability in FortiAuthenticator OWA Agent

An improper neutralization of input during web page generation in FortiAuthenticator Agent for Outlook Web Access may allow an...

Jan 06, 2020 Risk

IR Number: FG-IR-19-104

Dragonblood vulnerabilities in WiFi WPA3 standard implementation

Multiple vulnerabilities, referred to as Dragonblood, exist in WiFi WPA3 standard implementation .Dragonblood vulnerabilities...

Jan 03, 2020 Risk

IR Number: FG-IR-19-107

FortiMail admin privilege escalation through improper user profile control

Two improper access control vulnerabilities in FortiMail admin webUI may allow administrators to perform privileged functions...

Jan 03, 2020 Risk

IR Number: FG-IR-19-237

FortiOS SSL VPN web portal Host Header Redirection

A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP...

FortiGate 5.4, 5.6, 6.0

Jan 03, 2020 Risk

IR Number: FG-IR-19-002

Hardcoded cryptographic key in the FortiGuard services communication protocol

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge...

Dec 05, 2019 Risk

IR Number: FG-IR-18-100

TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

CVE-2019-11477:The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCP_SKB_CB(skb)->tcp_gso_segs. A...

Nov 29, 2019 Risk

IR Number: FG-IR-19-180

FortiOS multiple pre-auth XSS vulnerabilities on SSL VPN

Failure to sanitize the error or message handling parameters in the SSL VPN web portal may allow an attacker to perform a Cross-site...

Nov 26, 2019 Risk

IR Number: FG-IR-18-383

Refine

PSIRT Advisories