PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiWAN 4.2.4 and below is exposed to cross site scripting, information leak and escalation of privilege vulnerabilities. C...

Sep 07, 2016 Severity: Medium IR Number: FG-IR-16-045 CVE-2016-4965

FortiCloud online service before May 3, 2016 was exposed to cross site scripting web vulnerabilities, which could allow ma...

Aug 09, 2016 Severity: Medium IR Number: FG-IR-16-022

A vulnerability in FortiVoice 5.0 web-application could allow malicious script being injected in the affected module; this ...

Aug 09, 2016 Severity: Medium IR Number: FG-IR-16-020

An XSS vulnerability in FortiManager/FortiAnalyzer could allow privileged guest user accounts and restricted user accounts ...

Aug 09, 2016 Severity: Medium IR Number: FG-IR-16-016 CVE-2016-3193

A vulnerability in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input f...

Aug 09, 2016 Severity: Medium IR Number: FG-IR-16-017 CVE-2016-3194

A client side XSS vulnerability in FortiManager/FortiAnalyzer could allow malicious script being injected in the Web-UI; th...

Aug 09, 2016 Severity: Medium IR Number: FG-IR-16-015 CVE-2016-3195

When a low privileged user uploads images in the report section, the filenames are not properly sanitized; this potentiall...

Jul 14, 2016 Severity: Medium IR Number: FG-IR-16-014 CVE-2016-3196

There is a CSRF vulnerability with FortiWeb console on dashboard. Attackers may submit local forms to change admin passwor...

Jun 23, 2016 Severity: Medium IR Number: FG-IR-16-010 CVE-2016-4066

The Security Account Manager Remote Protocol [MS-SAMR] and the Local Security Authority (Domain Policy) Remote Protocol [M...

Apr 14, 2016 Severity: Medium IR Number: FG-IR-16-007 CVE-2016-2118

Since glibc 2.9, the glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() ...

Feb 25, 2016 Severity: Medium IR Number: FG-IR-16-002 CVE-2015-7547

The Graphical User Interface (GUI) of FortiManager v5.2.2 is vulnerable to two reflected Cross-Site Scripting (XSS) vulner...

Sep 24, 2015 Severity: Medium IR Number: FG-IR-15-022 CVE-2015-8037

Installing FortiClient SSLVPN Linux client build 2312 and lower in a home directory that is world readable-executable yiel...

Jul 24, 2015 Severity: Medium IR Number: FG-IR-15-017 CVE-2015-7362

The Web User Interface of FortiSandbox version 2.0.4 and below is vulnerable to multiple reflected Cross-Site Scripting vu...

Jul 24, 2015 Severity: Medium IR Number: FG-IR-15-019 CVE-2015-7360