PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

The Site Publisher functionality of FortiWeb has been found vulnerable to a Cross-Site Scripting vulnerability via an impr...

Apr 19, 2017 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-17-076 CVE-2017-3129
The lack of input sanitisation for CLI command 'copy running-config' allows a user with 'admin' or 'superuser' privilege l...

Apr 12, 2017 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-17-097 CVE-2017-3134
The first run of the FortiClient SSLVPN script results in the subproc file becoming  suid & root owned binary. The issue l...

Apr 05, 2017 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-16-041 CVE-2016-8497
Of multiple vulnerabilities released affecting Linux kernels through 4.6.3, FortiOS was found vulnerable to the following ...

Apr 05, 2017 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-16-052 CVE-2016-3713
An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the b...

FortiMail 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.11, 5.0.10, 5.0.1, 5.0.0
Apr 04, 2017 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-17-011 CVE-2017-3125
net/ipv4/tcp_input.c in certain Linux kernel versions does not properly determine the rate of challenge ACK segments, whic...

Apr 04, 2017 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-16-047 CVE-2016-5696
The OpenSSL project released an advisory on Sept 22nd, 2016, describing 1 High, 1 Medium and 12 Low severity vulnerabiliti...

Apr 03, 2017 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-16-048 CVE-2016-2177