PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and...

Feb 13, 2014 Severity: Medium IR Number: FG-IR-13-009 CVE-2014-1955
FortiOS 5.0.5 and earlier versions contain a cross-site scripting vulnerability. The mkey parameter in the URL /firewall/...

Feb 03, 2014 Severity: Medium IR Number: FG-IR-14-003 CVE-2013-7182
FortiWeb 5.0.3 and earlier versions contain a cross-site scripting vulnerability. The filter parameter in the URL "/user/...

Feb 03, 2014 Severity: Medium IR Number: FG-IR-14-002 CVE-2013-7181
Authenticated administrative users can store injected JavaScript content into a specific field on the web management inter...

Jan 17, 2014 Severity: Medium IR Number: FG-IR-14-001 CVE-2014-1458
Authenticated admin users may be able to obtain access to a system shell from the command line interface.

Dec 13, 2013 Severity: Medium IR Number: FG-IR-13-016 CVE-2013-6990
Multiple CSRF vulnerabilities exist in the FortiAnalyzer web administration console due to an error in CSRF token validati...

Nov 22, 2013 Severity: High IR Number: FG-IR-13-018 CVE-2013-6826
Multiple CSRF (Cross-Site Request Forgery) vulnerabilities exist in FortiGate because GUI pages are not protected by CSRF ...

Jul 08, 2013 Severity: High IR Number: FG-IR-13-014 CVE-2013-1414
Improper Guest User Permission Management issue exists in FortiGate.

Jun 13, 2013 Severity: Low IR Number: FG-IR-013-004 CVE-2013-4604
Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow a...

May 13, 2013 Severity: Critical IR Number: FG-IR-13-008
Input filter bypass and exception handling vulnerabilities can be used by an attacker to hijack administrator or customer ...

Jan 29, 2013 Severity: Medium IR Number: FG-IR-013-001 CVE-2013-1471
FortiDB does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to i...

Dec 03, 2012 Severity: Low IR Number: FG-IR-012-007 CVE-2012-6347
FortiWeb does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to ...

Dec 03, 2012 Severity: Low IR Number: FG-IR-012-008 CVE-2012-6346
FortiWeb fails to sanitize user input. The vulnerability allows an attacker to inject script code.

Oct 25, 2012 Severity: Low IR Number: FG-IR-012-006
FortiMail fails to sanitize user input. The vulnerability allows an attacker to bypass its input filtering routine, which ...

Oct 25, 2012 Severity: Medium IR Number: FG-IR-012-005
Vulnerability-lab.com publicly released news of vulnerabilities discovered in FortiGate UTM WAF Appliances platforms.

Sep 14, 2012 Severity: Low IR Number: FG-IR-012-004