PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS ...

FortiProxy 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.10, 7.0.9, 7.0.8, 7.0.7, 7.0.6 ... FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.11, 7.0.10, 7.0.9, 7.0.8, 7.0.7 ...
Sep 13, 2023 | GUI | Severity: High | IR Number: FG-IR-23-106 | CVE-2023-29183

A stack-based buffer overflow vulnerability [CWE-121] in FortiOS may allow a privileged attacker to execute arbitrary code...

FortiOS 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.14, 6.4.13, 6.4.12, 6.4.11, 6.4.10, 6.4.9 ...
Aug 17, 2023 | Severity: Medium | IR Number: FG-IR-23-149 | CVE-2023-29182

An insufficient session expiration [CWE-613] vulnerability in FortiOS REST API may allow an attacker to keep a secure webs...

FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.12, 7.0.11, 7.0.10, 7.0.9, 7.0.8 ...
Jul 11, 2023 | GUI | Severity: Medium | IR Number: FG-IR-23-028 | CVE-2023-28001

A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary co...

FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.10, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5 ... FortiProxy 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3 ...
Jul 11, 2023 | Severity: Critical | IR Number: FG-IR-23-183 | CVE-2023-33308

A NULL pointer dereference vulnerability [CWE-476] in SSL-VPN may allow an authenticated remote attacker to trigger a cras...

FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5 ... FortiProxy 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4 ...
Jun 16, 2023 | SSL-VPN | Severity: Medium | IR Number: FG-IR-23-015 | CVE-2023-33306

An access of uninitialized pointer vulnerability [CWE-824] in FortiOS administrative interface API may allow an authentica...

FortiProxy 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4 ... FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.11, 7.0.10, 7.0.9, 7.0.8, 7.0.7 ...
Jun 12, 2023 | GUI | Severity: Low | IR Number: FG-IR-23-095 | CVE-2023-29178

A format string vulnerability [CWE-134] in the command line interpreter of FortiOS and FortiProxy may allow an authenticat...

FortiProxy 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 ... FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5 ...
Jun 12, 2023 | CLI | Severity: Medium | IR Number: FG-IR-22-463 | CVE-2022-43953

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to exec...

FortiOS-6K7K 7.0.5, 7.0.10, 6.4.8, 6.4.6, 6.4.2, 6.4.12, 6.4.10, 6.2.9, 6.2.7, 6.2.6 ... FortiProxy 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4 ... FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5 ...
Jun 12, 2023 | SSL-VPN | Severity: Critical | IR Number: FG-IR-23-097 | CVE-2023-27997

An improper certificate validation vulnerability [CWE-295] in FortiOS and FortiProxy may allow a remote and unauthenticate...

FortiProxy 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4 ... FortiOS 7.2.0, 7.0.10, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2 ...
Jun 12, 2023 | Severity: Medium | IR Number: FG-IR-22-468 | CVE-2023-29175

An out-of-bounds write vulnerability [CWE-787] in Command Line Interface of FortiOS and FortiProxy may allow an authentica...

FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4 ... FortiProxy 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2 ...
Jun 12, 2023 | CLI | Severity: Medium | IR Number: FG-IR-22-494 | CVE-2023-22639

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS / FortiProxy log events may allow a...

FortiProxy 7.2.1, 7.2.0, 7.0.12, 7.0.11, 7.0.10, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5 ... FortiOS 7.2.5, 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.12, 7.0.11, 7.0.10, 7.0.9 ...
Jun 12, 2023 | Severity: Low | IR Number: FG-IR-22-455 | CVE-2023-26207

A use of externally-controlled format string vulnerability [CWE-134] in the Fclicense daemon of FortiOS may allow a remote...

FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5 ...
Jun 12, 2023 | Severity: High | IR Number: FG-IR-23-119 | CVE-2023-29181

A NULL pointer dereference vulnerability [CWE-476] in FortiOS may allow a remote unauthenticated attacker to crash the SSL...

FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5 ...
Jun 12, 2023 | Severity: High | IR Number: FG-IR-23-111 | CVE-2023-29180

A NULL pointer dereference vulnerability [CWE-476] in FortiOS may allow an authenticated attacker to crash the SSL-VPN dae...

FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5 ...
Jun 12, 2023 | Severity: Medium | IR Number: FG-IR-23-125 | CVE-2023-29179

A relative path traversal vulnerability [CWE-23] in FortiOS, FortiProxy & FortiSwitchManager administrative interface may ...

FortiSwitchManager 7.2.1, 7.2.0, 7.0.1, 7.0.0 FortiProxy 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 ... FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4 ...
Jun 12, 2023 | GUI | Severity: Medium | IR Number: FG-IR-22-393 | CVE-2022-42474