- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 66 FortiWeb
- 19 FortiAuthenticator
- 14 FortiOS
- 12 FortiManager
- 11 FortiAnalyzer
- 9 FortiMail
- 8 FortiADC
- 8 FortiWAN
- 7 FortiSandbox
- 7 FortiSwitch
- 5 FortiAP
- 5 FortiRecorder
- 5 FortiVoiceEnterprise
- 5 FortiDB
- 4 FortiProxy
- 4 FortiPortal
- 4 FortiAP-W2
- 4 AscenLink
- 4 FortiDDoS
- 4 FortiCache
- 3 FortiClientWindows
- 3 FortiSIEM
- 3 FortiClientEMS
- 3 FortiWLC
- 3 FortiTester
- 2 FortiClientMac
- 2 FortiAP-S
- 2 FortiTokenIOS
- 2 FortiWAN-Manager
- 2 FortiClientAndroid
- 2 SSL_VPN
- 1 FortiWLM
- 1 FortiAP-U
- 1 FortiDeceptor
- 1 FortiADCManager
- 1 FortiTokenAndroid
- 1 FSSO Windows CA
- 1 FortiClientiOS
- 1 FortiDDoS-CM
- 1 FortiNDR
- 1 FortiWebManager
- 1 Meru Controller
- 1 FSSO (all dist.)
- 1 FortiAnalyzer-BigData
- 1 FortiExplorer Windows
- 1 FortiVoice
- 0 FortiNAC
- 0 FortiSOAR
- 0 FortiClientLinux
- 0 FortiEDR
- 0 Meru AP
- 0 FortiExtender
- 0 FortiAP-C
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiOS-6K7K
- 0 AV Engine
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiFone
- 0 FortiGuard
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
April
(4)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
A security advisory was released affecting a version of the Linux Kernel used in FortiAuthenticator, FortiProxy & FortiSIE...
FortiSIEM
6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0
FortiProxy
7.0.3, 7.0.2, 7.0.1, 7.0.0
FortiAuthenticator
6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0
Apr 11, 2023
Severity
High
IR Number: FG-IR-22-050
CVE-2022-0847
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator may allo...
FortiAuthenticator
6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.2, 6.2.1, 6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0
Apr 11, 2023
Severity
Medium
IR Number: FG-IR-22-275
CVE-2022-35850
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interprete...
FortiWeb
7.0.3, 7.0.2, 7.0.1, 7.0.0
FortiADC
7.1.1, 7.1.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.6, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0
Apr 11, 2023
Severity
Medium
IR Number: FG-IR-22-186
CVE-2022-43948
An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface may allow an unauthe...
FortiWeb
7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.21, 6.3.20, 6.3.2, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Apr 11, 2023
Severity
High
IR Number: FG-IR-22-428
CVE-2022-43955
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiAuthenticator, FortiDeceptor ...
FortiMail
6.4.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
FortiAuthenticator
6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.2, 6.2.1, 6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.5.0, 5.4.1, 5.4.0, 5.3.1, 5.3.0, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0
FortiDeceptor
3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 2.1.0, 2.0.0, 1.1.0, 1.0.1, 1.0.0
Mar 07, 2023
Severity
Low
IR Number: FG-IR-20-078
CVE-2022-29056
An improper neutralization of special elements used in an OS command vulnerability ('OS Command Injection') [CWE-78] in Fo...
FortiWeb
7.0.2, 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.20, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10
Mar 07, 2023
Severity
High
IR Number: FG-IR-22-254
CVE-2022-39951
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpret...
FortiRecorder
6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 2.7.7, 2.7.6, 2.7.5, 2.7.4, 2.7.3, 2.7.2, 2.7.1, 2.7.0
FortiWeb
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Mar 07, 2023
Severity
Medium
IR Number: FG-IR-21-218
CVE-2022-22297
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwit...
FortiSwitch
7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.10, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
FortiWeb
6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
FortiOS
7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.14, 6.2.13, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0
FortiProxy
7.0.1, 7.0.0, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0
Feb 16, 2023
Severity
Medium
IR Number: FG-IR-21-126
CVE-2021-43074
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate and FortiAuthenticator may allow a...
FortiAuthenticator
6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.5.0
FortiOS
6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0
Feb 16, 2023
Severity
Medium
IR Number: FG-IR-20-014
CVE-2022-22302
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb may allow an authenticated ...
FortiWeb
7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10
Feb 16, 2023
Severity
Medium
IR Number: FG-IR-22-167
CVE-2022-30306
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb may allow a privileged attacker to execute arbitrary cod...
FortiWeb
7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10
Feb 16, 2023
Severity
Medium
IR Number: FG-IR-22-164
CVE-2022-33871
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fo...
FortiWeb
7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10
Feb 16, 2023
Severity
High
IR Number: FG-IR-22-131
CVE-2023-23777
A double free vulnerability (CWE-415) in FortiWeb CLI may allow an authenticated, local attacker to achieve arbitrary code...
FortiWeb
7.0.3, 7.0.2, 7.0.1, 7.0.0
Feb 16, 2023
Severity
High
IR Number: FG-IR-22-348
CVE-2022-40683
A buffer overflow vulnerability [CWE-122] in the the command line interpreter of FortiWeb may allow an authenticated attac...
FortiWeb
7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Feb 16, 2023
Severity
High
IR Number: FG-IR-22-111
CVE-2023-23782
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-7...
FortiWeb
7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10
Feb 16, 2023
Severity
Medium
IR Number: FG-IR-22-133
CVE-2023-23779