Refine
RESET


Filter by Date:
switch-off-logo All
Filter by Severity Level:
switch-on-logo All
switch-off-logo Critical light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo (0)
switch-off-logo High light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo (1)
switch-off-logo Medium light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo (7)
switch-off-logo Low light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo (3)
switch-off-logo Informational light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo (0)
Filter by Affected Product:
switch-on-logo All

PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479
CVE-2019-11477:The Linux kernel is vulnerable to an integer overflow in the 16 bit width of  TCP_SKB_CB(skb)->tcp_gso_segs...
Nov 29, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo High IR Number: FG-IR-19-180 CVE-2019-11477
FortiOS multiple pre-auth XSS vulnerabilities on SSL VPN
Failure to sanitize the error or message handling parameters in the SSL VPN web portal may allow an attacker to perform a ...
FortiOS 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
Nov 26, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-18-383 CVE-2018-13380
SSL VPN buffer overrun when parsing javascript href content
A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for l...
FortiOS 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0
Nov 26, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-18-388 CVE-2018-13383
XSS vulnerability in FortiGate DHCP monitor page
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may a...
FortiOS 6.2.1, 6.2.0
Nov 25, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Low IR Number: FG-IR-19-184 CVE-2019-6697
FortiOS admin privilege escalation via restoring configs
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restori...
FortiOS 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0 FortiADC 5.2.2, 5.1.4
Nov 14, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Low IR Number: FG-IR-17-053 CVE-2017-17544
VM images lack an integrity check of the file system at boot time
VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before...
Nov 14, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-19-017 CVE-2019-5587
FortiOS local certificate private key improper protection in admin CLI console
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaint text private key...
FortiOS 6.2.1, 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
Nov 14, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-19-134 CVE-2019-5593
libssh2 integer overflow and out of bounds read/write vulnerabilities
Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an una...
Nov 14, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-19-099 CVE-2019-3855
Denial of Service vulnerability impacts the SSL VPN service of FortiOS and FortiProxy.
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS and FortiProxy may allow an unauthenticated re...
FortiOS 6.2.1, 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0
Nov 08, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-19-236 CVE-2019-15705
Console window of FortiClient for Mac OS displays password in clear-text.
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker  to read sen...
FortiClientMac 6.2.0, 6.0.7
Nov 08, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Low IR Number: FG-IR-19-227 CVE-2019-15704
FortiExtender OS command injection through execute date CLI command
An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbi...
FortiExtender 4.1.1, 4.0.0, 3.3.2, 3.3.1, 3.3.0, 3.2.3, 3.2.2, 3.2.1, 3.1.2, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 0.4.10
Nov 01, 2019 Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Medium IR Number: FG-IR-19-273 CVE-2019-15710