PSIRT Advisories
The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually tests Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams, and serious issues are described along with protective solutions in the advisories below.
Certificates taken out of service could potentially be improperly re-used. Impact detail: Fortinet has already taken steps to mitigate...
FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had read/write...
FortiWebManager 5.8.0 fails to check the admin password, granting access regardless of the provided string.
Multiple Remote Code Execution vulnerabilities (CVE-2017-9805, CVE-2017-9804, CVE-2017-9793) are affecting Apache Struts.
FortiWLM has a hard-coded password for its "upgrade" user account, which it uses to transfer files to and from the FortiWLC controller....
Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows: CVE-2017-7337: Improper Access...
FortiWLC comes with a hardcoded account named 'core' which is used by Meru Access Points to send core dumps to the FortiWLC and...
FortiWLC runs an rsyncd server, historically used for High-Availability purposes. This server comes with a hardcoded account, which...
An undocumented account used for communication with authorized FortiManager devices exists on some versions of FortiOS, FortiAnalyzer,...
A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availability")...
An information disclosure vulnerability has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This vulnerability may allow...
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to...
Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker...