PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge...

Dec 05, 2019 Risk IR Number: FG-IR-18-100
Failure to sanitize the error or message handling parameters in the SSL VPN web portal may allow an attacker to perform a Cross-site...

Nov 26, 2019 Risk IR Number: FG-IR-18-383
A privilege escalation vulnerability in FortiClient for Linux may allow a user with low privilege to run root system commands,...

Nov 15, 2019 Risk IR Number: FG-IR-19-238
VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before it...

Nov 14, 2019 Risk IR Number: FG-IR-19-017
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaint text private keys of...

Nov 14, 2019 Risk IR Number: FG-IR-19-134
Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an unauthenticated...

Nov 14, 2019 Risk IR Number: FG-IR-19-099
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS may allow an unauthenticated remote attacker to crash...

Nov 08, 2019 Risk IR Number: FG-IR-19-236
An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbitrary...

Nov 01, 2019 Risk IR Number: FG-IR-19-273
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes,...

Oct 29, 2019 Risk IR Number: FG-IR-19-210
FortiClient for Windows could be subject to the following shut down or tampering attempts:a) User Interface or Command Line shut...

Oct 18, 2019 Risk IR Number: FG-IR-19-148
Multiple information exposure vulnerabilities in FortiOS may allow an unauthenticated attacker to perform some information gathering...

Oct 18, 2019 Risk IR Number: FG-IR-19-043
An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated attacker...

Oct 08, 2019 Risk IR Number: FG-IR-19-100
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized...

Sep 23, 2019 Risk IR Number: FG-IR-19-072
Improper implementations of the HTTP/2 protocol can lead to a variety denial-of-service (DoS) attacks.The related CVEs are:CVE-2019-9511,...

Sep 03, 2019 Risk IR Number: FG-IR-19-225
Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS) attack...

Aug 21, 2019 Risk IR Number: FG-IR-19-034