Filter by Date
- 2019
  - 11 11-2019
Filter by Severity
- 0 Critical
- 2 High
- 6 Medium
- 3 Low
- 0 Informational
Filter by Affected Product
- All
- 6 FortiOS
- 1 FortiADC
- 1 FortiClientMac
- 1 FortiExtender

Filter by Date:
switch-off-logo

All

2019

November (11)

Filter by Severity Level:
switch-on-logo

All

Filter by Affected Product:
switch-on-logo

All

FortiOS (6)

FortiADC (1)

FortiClientMac (1)

FortiExtender (1)

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2022: Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

CVE-2019-11477:The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCP_SKB_CB(skb)->tcp_gso_segs...

Nov 29, 2019 Severity light-circle-logo

High IR Number: FG-IR-19-180 CVE-2019-11477

FortiOS multiple pre-auth XSS vulnerabilities on SSL VPN

Failure to sanitize the error or message handling parameters in the SSL VPN web portal may allow an attacker to perform a ...

FortiOS 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0

Nov 26, 2019 Severity light-circle-logo

Medium IR Number: FG-IR-18-383 CVE-2018-13380

SSL VPN buffer overrun when parsing javascript href content

A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for l...

FortiOS 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0

Nov 26, 2019 Severity light-circle-logo

High IR Number: FG-IR-18-388 CVE-2018-13383

XSS vulnerability in FortiGate DHCP monitor page

An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may a...

FortiOS 6.2.1, 6.2.0

Nov 25, 2019 Severity light-circle-logo

Low IR Number: FG-IR-19-184 CVE-2019-6697

FortiOS admin privilege escalation via restoring configs

A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restori...

FortiOS 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0 FortiADC 5.2.2, 5.1.4

Nov 14, 2019 Severity light-circle-logo

Low IR Number: FG-IR-17-053 CVE-2017-17544

VM images lack an integrity check of the file system at boot time

VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before...

Nov 14, 2019 Severity light-circle-logo

Medium IR Number: FG-IR-19-017 CVE-2019-5587

FortiOS local certificate private key improper protection in admin CLI console

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaint text private key...

FortiOS 6.2.1, 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0

Nov 14, 2019 Severity light-circle-logo

Medium IR Number: FG-IR-19-134 CVE-2019-5593

libssh2 integer overflow and out of bounds read/write vulnerabilities

Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an una...

Nov 14, 2019 Severity light-circle-logo

Medium IR Number: FG-IR-19-099 CVE-2019-3855

Denial of Service vulnerability impacts the SSL VPN service of FortiOS and FortiProxy.

An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS and FortiProxy may allow an unauthenticated re...

FortiOS 6.2.1, 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0

Nov 08, 2019 Severity light-circle-logo

Medium IR Number: FG-IR-19-236 CVE-2019-15705

Console window of FortiClient for Mac OS displays password in clear-text.

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sen...

FortiClientMac 6.2.0, 6.0.7

Nov 08, 2019 Severity light-circle-logo

Low IR Number: FG-IR-19-227 CVE-2019-15704

FortiExtender OS command injection through execute date CLI command

An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbi...

FortiExtender 4.1.1, 4.0.0, 3.3.2, 3.3.1, 3.3.0, 3.2.3, 3.2.2, 3.2.1, 3.1.2, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 0.4.10

Nov 01, 2019 Severity light-circle-logo

Medium IR Number: FG-IR-19-273 CVE-2019-15710

Network

Content and Endpoint

Application

Response

FortiNDR

FortiSandbox

FortiTester

Refine
RESET

PSIRT Advisories

Monthly PSIRT Advisories

News / Research

Network

Content and Endpoint

Application

Response

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC WAF Security

FortiAnalyzer/FortiSIEM

FortiCWP

FortiWeb

FortiNDR

FortiSandbox

FortiTester

Threat Lookup

PSIRT

Resources

Refine RESET

PSIRT Advisories

Monthly PSIRT Advisories

Refine
RESET