PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

A temporary denial of service condition can be created using a specially crafted request sent to the FortiManager protocol...

Aug 19, 2014 | Severity: Medium | IR Number: FG-IR-14-006 | CVE-2014-0351

FortiWeb 5.0, 5.1 and 5.2.0 are vulnerable to multiple reflective cross-site scripting issues. Several parameters in the w...

Jul 10, 2014 | Severity: Medium | IR Number: FG-IR-14-012 | CVE-2014-4738

The OpenSSL project released an advisory on June 5th, 2014, which describes the following vulnerabilities: SSL/TLS MITM v...

Jun 06, 2014 | Severity: Medium | IR Number: FG-IR-14-018 | CVE-2014-0224

Multiple CSRF vulnerabilities exist in the FortiWeb web administration console due to lack of CSRF token protection. This ...

May 02, 2014 | Severity: Medium | IR Number: FG-IR-14-013 | CVE-2014-3115

The web administration interface on FortiADC D-series versions 3.2.0 and lower has a reflective cross-site scripting vuln...

Apr 03, 2014 | Severity: Medium | IR Number: FG-IR-14-004 | CVE-2014-0331

FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and...

Feb 13, 2014 | Severity: Medium | IR Number: FG-IR-13-009 | CVE-2014-1955

FortiOS 5.0.5 and earlier versions contain a cross-site scripting vulnerability. The mkey parameter in the URL /firewall/...

Feb 03, 2014 | Severity: Medium | IR Number: FG-IR-14-003 | CVE-2013-7182

FortiWeb 5.0.3 and earlier versions contain a cross-site scripting vulnerability. The filter parameter in the URL "/user/...

Feb 03, 2014 | Severity: Medium | IR Number: FG-IR-14-002 | CVE-2013-7181

Authenticated administrative users can store injected JavaScript content into a specific field on the web management inter...

Jan 17, 2014 | Severity: Medium | IR Number: FG-IR-14-001 | CVE-2014-1458

Authenticated admin users may be able to obtain access to a system shell from the command line interface.

Dec 13, 2013 | Severity: Medium | IR Number: FG-IR-13-016 | CVE-2013-6990

Input filter bypass and exception handling vulnerabilities can be used by an attacker to hijack administrator or customer ...

Jan 29, 2013 | Severity: Medium | IR Number: FG-IR-013-001 | CVE-2013-1471

FortiMail fails to sanitize user input. The vulnerability allows an attacker to bypass its input filtering routine, which ...

Oct 25, 2012 | Severity: Medium | IR Number: FG-IR-012-005

Fortinet has verified a potential issue during HTTP session authentication that could lead to a buffer overflow condition ...

Aug 20, 2012 | Severity: Medium | IR Number: FG-IR-012-003