PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

On May 11th, 2021, Mathy Vanhoef (New York University Abu Dhabi) published a new paper, Fragment and Forge: Breaking Wi-Fi...

Jun 01, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Low IR Number: FG-IR-21-071 CVE-2020-26139
FortiGate's and FortiADC's  read-only admins are able to point an LDAP server connectivity test request to a rogue LDAP se...

Jun 01, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Low IR Number: FG-IR-18-157 CVE-2018-13374
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator may allow an at...

FortiAuthenticator 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Jun 01, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Low IR Number: FG-IR-20-049 CVE-2021-24005
An improper access control vulnerability in FortiProxy SSL VPN web portal may allow an unauthenticated and remote attacker...

FortiProxy 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6
Jun 01, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-20-231 CVE-2018-13382
A path traversal vulnerability in the FortiProxy SSL VPN web portal may allow a non-authenticated, remote attacker to down...

FortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6
Jun 01, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-20-233 CVE-2018-13379
An OS command injection vulnerability in FortiWeb's management interface may allow a remote authenticated attacker to exec...

FortiWeb 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Jun 01, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-20-120 CVE-2021-22123