PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An information disclosure vulnerability in FortiWeb's Web Vulnerability Scan profile may allow a remote authenticated atta...

FortiWeb 6.3.4, 6.3.3, 6.3.2
Apr 06, 2021 | Severity: Medium | IR Number: FG-IR-20-076 | CVE-2020-15942

An improper neutralization of input during web page generation in FortiWeb GUI interface may allow an unauthenticated, rem...

FortiWeb 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Feb 03, 2021 | Severity: Medium | IR Number: FG-IR-20-122 | CVE-2021-22122

A stack-based buffer overflow [CWE-121] vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the c...

FortiWeb 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Jan 04, 2021 | Severity: High | IR Number: FG-IR-20-125 | CVE-2020-29016

An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being ...

FortiWeb 6.2.0
Mar 11, 2020 | Severity: Medium | IR Number: FG-IR-19-269 | CVE-2019-16157

An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a store...

FortiWeb 6.3.0, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.9.2, 5.9.1, 5.9.0
Mar 09, 2020 | Severity: Medium | IR Number: FG-IR-20-001 | CVE-2020-6646

An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauth...

FortiWeb 6.2.1, 6.2.0, 6.1.1
Mar 09, 2020 | Severity: Medium | IR Number: FG-IR-19-265 | CVE-2019-16156

Multiple Fortinet products may be affected by the following Linux Kernel vulnerability: CVE-2016-10229 Linux Kernel ipv4/ud...

FortiManager 5.4.2; FortiAP 5.6.0, 5.4.2; FortiADC 4.8.0; FortiSandbox 3.0.7, 3.0.6, 3.0.5, 3.0.4; FortiAnalyzer 5.4.2; FortiWeb 5.7.3, 5.7.2; Meru Controller 8.4.5, 8.4.4; FortiWAN-Manager 4.3.0; FortiWAN 4.3.1; FortiPortal 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.2.0, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0; FortiWebManager 6.0.0; FortiCache 4.2.2; FortiDDoS 4.3.2, 4.3.1; FortiOS 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0; FortiAuthenticator 5.0.0; FortiVoiceEnterprise 5.3.6; AscenLink 7.2.19; FortiWLM 8.4.0; FortiWLC 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2
Jul 24, 2019 | Severity: High | IR Number: FG-IR-17-118 | CVE-2016-10229

The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized...

FortiWeb 6.0.2
Jun 12, 2019 | Severity: Medium | IR Number: FG-IR-19-070 | CVE-2019-5590

An improper access control vulnerability in FortiWeb's Signed Security mode may allow an attacker to disable the cookie ta...

FortiWeb 6.0.7, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.9.2, 5.9.1, 5.9.0, 5.8.7, 5.8.6, 5.8.5, 5.8.3, 5.8.2, 5.8.1, 5.8.0, 5.7.3, 5.7.2, 5.7.1, 5.7.0, 5.6.2, 5.6.1, 5.6.0
Mar 06, 2018 | Severity: High | IR Number: FG-IR-17-279 | CVE-2017-14191