PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox may allow an attacker to reuse the unexpired ad...

FortiSandbox 3.2.1, 3.2.0
Sep 07, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-20-070 CVE-2020-29012
Multiple stack-based buffer overflow vulnerabilities in FortiWeb CLI interface may allow an authenticated attacker to exec...

FortiWeb 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Sep 07, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-20-206 CVE-2021-36179
Multiple improper neutralization of special elements vulnerabilities [CWE-89] used in a command in FortiWeb may allow an a...

FortiWeb 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.4
Sep 07, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-21-047 CVE-2021-36182
An improper input validation vulnerability in the sniffer interface of FortiSandbox may allow an authenticated attacker to...

FortiSandbox 3.2.1, 3.2.0
Sep 07, 2021 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-20-178 CVE-2020-29013