Refine
RESET


Filter by Date:
All
Filter by Risk Level:
All

PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

Improper check for certificate revocation vulnerability
Certificates taken out of service could potentially be improperly re-used. Impact detailFortinet has already taken steps to mitigate...
Jul 19, 2019 Risk IR Number: FG-IR-19-144
Use of hardcoded credentials for communication between Meru access points and FortiWLC
FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had read/write...
May 04, 2018 Risk IR Number: FG-IR-17-274
FortiWebManager 5.8.0 improperly handles admin login access
FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string.
Nov 22, 2017 Risk IR Number: FG-IR-17-248
Apache Struts RCE Vulnerability
Multiple Remote Code Execution vulnerabilities (CVE-2017-9805, CVE-2017-9804, CVE-2017-9793) are affecting Apache Struts.
Sep 29, 2017 Risk IR Number: FG-IR-17-205
FortiWLM upgrade user account hard-coded credentials
FortiWLM has a hard-coded password for its "upgrade" user account, which it uses to transfer files to and from the FortiWLC controller....
Jun 30, 2017 Risk IR Number: FG-IR-17-115
FortiPortal Multiple Vulnerabilities
Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows:CVE-2017-7337: Improper Access...
May 15, 2017 Risk IR Number: FG-IR-17-114
FortiWLC Undocumented Hardcoded core Account
FortiWLC comes with a hardcoded account named 'core' which is used by Meru Access Points to send core dumps to the FortiWLC and...
Nov 09, 2016 Risk IR Number: FG-IR-16-065
FortiWLC Undocumented Hardcoded Rsync Account
FortiWLC runs a rsyncd server, historically used for High-Availability purpose. This server comes with a hardcoded account, which...
Sep 30, 2016 Risk IR Number: FG-IR-16-029
Multiple Products SSH Undocumented Login Vulnerability
An undocumented account used for communication with authorized FortiManager devices exists on some versions of FortiOS, FortiAnalyzer,...
Jan 12, 2016 Risk IR Number: FG-IR-16-001
ZebOS routing remote shell service enabled
A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availability")...
Jul 24, 2015 Risk IR Number: FG-IR-15-020
FortiADC-E remote network access vulnerability
Oct 21, 2014 Risk IR Number: FG-IR-14-032
Remote Exploit Vulnerability in Bash - (Shellshock)
Sep 25, 2014 Risk IR Number: FG-IR-14-030
Information Disclosure Vulnerability in OpenSSL (Heartbleed)
An information disclosure vulnerability has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This vulnerability may allow...
Apr 08, 2014 Risk IR Number: FG-IR-14-011
FortiBalancer Remote SSH Vulnerability
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to...
Apr 02, 2014 Risk IR Number: FG-IR-14-010
Potential Man-In-The Middle Vulnerability in FortiClient VPN
Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker...
May 13, 2013 Risk IR Number: FG-IR-13-008