PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiWAN - Improper cryptographic operations in Dynamic Tunnel Protocol
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN may ...
FortiWAN 4.5.8
Apr 05, 2022 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-21-070 CVE-2021-32593
FortiWAN - Pervasive OS command injection
Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in FortiWAN Web GUI ma...
FortiWAN 4.5.8
Apr 05, 2022 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon High IR Number: FG-IR-21-060 CVE-2021-24009
FortiWAN - Pervasive SQL injection
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN may allow an unaut...
FortiWAN 4.5.8
Apr 05, 2022 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon Critical IR Number: FG-IR-21-062 CVE-2021-26114
FortiWAN - Stack-based buffer overflow in bmstatd
Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter...
FortiWAN 4.5.8
Apr 05, 2022 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon High IR Number: FG-IR-21-065 CVE-2021-26112
FortiWAN - Stored Cross-site scripting in log viewer
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN may allow an attacker to...
FortiWAN 4.5.8
Apr 05, 2022 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-21-078 CVE-2021-32585
FortiWAN - Use of hardcoded salt for password hashing
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN may allow an attacker who has previous...
FortiWAN 4.5.8
Apr 05, 2022 Severity black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon Medium IR Number: FG-IR-21-064 CVE-2021-26113