Filter by Date
- 2022
  - 6 05-2022
Filter by Severity
- 0 Critical
- 1 High
- 5 Medium
- 0 Low
- 0 Informational
Filter by Affected Product
- All
- 4 FortiOS
- 2 FortiProxy
- 1 FortiSOAR
- 1 FortiIsolator
- 0 FortiManager
- 0 FortiWeb
- 0 FortiAnalyzer
- 0 FortiMail
- 0 FortiADC
- 0 FortiSandbox
- 0 FortiPortal
- 0 FortiClientWindows
- 0 FortiWAN
- 0 FortiAuthenticator
- 0 FortiClientEMS
- 0 FortiSIEM
- 0 FortiSwitch
- 0 FortiWLC
- 0 FortiAP
- 0 FortiClientMac
- 0 FortiAP-W2
- 0 FortiDDoS
- 0 FortiRecorder
- 0 FortiTester
- 0 FortiVoiceEnterprise
- 0 FortiAP-S
- 0 FortiWLM
- 0 FortiNAC
- 0 FortiAP-U
- 0 FortiDB
- 0 FortiDeceptor
- 0 AscenLink
- 0 FortiClientLinux
- 0 FortiEDR
- 0 Meru AP
- 0 FortiADCManager
- 0 FortiCache
- 0 FortiDDoS-F
- 0 FortiNDR
- 0 FortiAP-C
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiDDoS-CM
- 0 FortiExtender
- 0 FortiSIEMWindowsAgent
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FSSO Windows CA
- 0 FortiAnalyzer-BigData
- 0 FortiWAN-Manager
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiOS-6K7K
- 0 FortiSDNConnector
- 0 FortiSwitchManager
- 0 FortiTokenMobileWP
- 0 FortiVoice

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2023: Jan
2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiIsolator -- Unauthorized user able to regenerate CA certificate

An improper access control vulnerability [CWE-284] in FortiIsolator may allow an authenticated, non privileged attacker to...

FortiIsolator 2.3.2, 2.3.1, 2.3.0

May 03, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

High IR Number: FG-IR-21-040 CVE-2021-41020

FortiOS & FortiProxy - Information disclosure in web proxy error pages

A server-generated error message containing sensitive information vulnerability [CWE-550] in FortiOS and FortiProxy web pr...

FortiOS 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.2.0, 6.2.1, 6.2.10, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 7.0.0, 7.0.1, 7.0.2, 7.0.3 FortiProxy 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.11, 2.0.10, 2.0.1, 2.0.0

May 03, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Medium IR Number: FG-IR-21-231 CVE-2021-43206

FortiOS - Improper Inter-VDOM access control

An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user p...

FortiOS 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0

May 03, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Medium IR Number: FG-IR-21-147 CVE-2021-41032

FortiOS - Lack of certificate verification when establishing secure connections to some external end-points

An improper certificate validation vulnerability [CWE-295] in FortiOS may allow a network adjacent and unauthenticated att...

FortiOS 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.2.0, 6.2.1, 6.2.10, 6.2.11, 6.2.12, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 7.0.0

May 03, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Medium IR Number: FG-IR-21-239 CVE-2022-22306

FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiProxy and FortiOS web filter...

FortiOS 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.2.0, 6.2.1, 6.2.10, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 7.0.0, 7.0.1, 7.0.2, 7.0.3 FortiProxy 7.0.1, 7.0.0, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0

May 03, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Medium IR Number: FG-IR-21-230 CVE-2021-43081

FortiSOAR - Improper access control on gateway API

An improper access control vulnerability [CWE-284] in FortiSOAR may allow an unauthenticated attacker to access gateway AP...

FortiSOAR 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1, 6.4.0

May 03, 2022 Severity black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

black-background-circle-icon

lightgray-background-circle-icon

lightgray-background-circle-icon

Medium IR Number: FG-IR-22-041 CVE-2022-23443