PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

A path traversal vulnerability [CWE-22] in FortiAP-U CLI may allow an admin user to delete and access unauthorized files a...

FortiAP-U 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.0
Jun 07, 2022 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-22-109 CVE-2022-30301
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows may allow a local attacker to perfo...

FortiClientWindows 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
Jun 07, 2022 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-22-044 CVE-2022-26113
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API may allow an attacker who managed to retrie...

FortiDDoS 5.5.1, 5.5.0, 5.4.2, 5.4.1, 5.4.0, 5.3.1, 5.3.0, 5.2.0, 5.1.0
Jun 07, 2022 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-22-071 CVE-2022-29060
Security advisories were released affecting  the version of Apache Airflow library used in some Fortinet products: CVE-202...

FortiAnalyzer 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0
Jun 07, 2022 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Critical IR Number: FG-IR-22-008 CVE-2020-13927