PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive...

Nov 22, 2018 Risk IR Number: FG-IR-18-325
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of...

Nov 16, 2018 Risk IR Number: FG-IR-18-101
A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom.

Aug 27, 2018 Risk IR Number: FG-IR-18-016
The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname of the...

Aug 23, 2018 Risk IR Number: FG-IR-18-085
A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via specifically...

May 18, 2018 Risk IR Number: FG-IR-17-231
The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number.

Aug 11, 2017 Risk IR Number: FG-IR-17-073
The HTML source code of the FortiWeb SNMPv3 user edit webui page includes the user's password in cleartext.

Aug 11, 2017 Risk IR Number: FG-IR-17-162
The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message. An attacker...

Jul 15, 2015 Risk IR Number: FG-IR-15-016