PSIRT Advisories
The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of...
Fortigate's read-only admins are able to point a LDAP server connectivity test request to a rogue LDAP server instead of the configured...
Two new attacks on IPsec IKE (Internet Key Exchange) were recently disclosed [1], involving multiple ways to perform attacks against...
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible...
On May 23, 2018, Talos disclosed in a blog post the discovery of a modular malware system they deemed "VPNFilter", affecting multiple...
A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom.
Before August, 2018, parameters at /loginmgrlogin in forticloud.com were vulnerable to a Cross-Site-Scripting (XSS) attack.
FortiCloud password reset link requested by the user takes one hour to
expire even after password was changed successfully,...
The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname of the...
FortiWeb's "Recursive URL Decoding" feature can detect URL-based attacks (among which XSS and SQL injection attempts) even when...
The OpenSSL project released an advisory on Jan 26th, 2017, describing 3 Moderate, 1 Low severity vulnerabilities, as listed below: CVE-2017-3731:...
Javascript code and HTML tags can be injected into the CN value of CA and CRL certificates via the import CA and CRL certificates...
An information disclosure vulnerability exists in the SSL-VPN web portal of FortiOS: when pages bookmarked in the web portal use...
An open redirect vulnerability exists in FortiAnalyzer and FortiManager when a user of the GUI is converting an HTML table to...
An improper access control vulnerability exists in FortiAnalyzer and FortiManager, whereby a regular user of the GUI can edit...