- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 4 FortiExtender
- 3 FortiADCManager
- 2 FortiManager
- 2 FortiAnalyzer
- 2 FortiADC
- 2 FortiWAN
- 2 FortiDDoS-CM
- 1 FortiOS
- 1 FortiProxy
- 1 FortiMail
- 1 FortiPortal
- 1 FortiAuthenticator
- 1 FortiSIEM
- 1 FortiWLC
- 1 FortiRecorder
- 1 FortiTester
- 1 FortiVoiceEnterprise
- 1 FortiDDoS
- 1 FortiAP-C
- 1 FortiAnalyzer-BigData
- 1 FortiSDNConnector
- 0 FortiWeb
- 0 FortiSandbox
- 0 FortiClientWindows
- 0 FortiNAC
- 0 FortiClientEMS
- 0 FortiSwitch
- 0 FortiAP
- 0 FortiAP-W2
- 0 FortiClientMac
- 0 FortiSOAR
- 0 FortiAP-S
- 0 FortiWLM
- 0 FortiAP-U
- 0 FortiDeceptor
- 0 AscenLink
- 0 FortiClientLinux
- 0 FortiDB
- 0 FortiEDR
- 0 Meru AP
- 0 FortiCache
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiPresence
- 0 FortiTokenMobileWP
- 0 FortiVoice
February
(1)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the webserver of FortiExten...
FortiExtender
7.0.3, 7.0.2, 7.0.1, 7.0.0, 5.3.2, 4.2.4, 4.2.3, 4.2.2, 4.2.1, 4.2.0, 4.1.8, 4.1.7, 4.1.6, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.0.2, 4.0.1, 4.0.0, 3.3.2, 3.3.1, 3.3.0, 3.2.3, 3.2.2, 3.2.1, 3.1.2, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0
Feb 16, 2023
Severity
High
IR Number: FG-IR-22-048
CVE-2022-27489
CVE-2022-42889:
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and e...
FortiAnalyzer-BigData
7.0.4, 7.0.3, 7.0.2, 7.0.1
Oct 28, 2022
Severity
Critical
IR Number: FG-IR-22-399
CVE-2022-42889
An improper neutralization of special elements used in a command vulnerability ('Command Injection') [CWE-77] in FortiExte...
FortiExtender
7.0.1, 7.0.0, 4.2.3, 4.2.2, 4.2.1, 4.2.0, 4.1.7, 4.1.6, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.1
Feb 01, 2022
Severity
High
IR Number: FG-IR-21-148
CVE-2021-41016
An insufficiently protected credentials vulnerability [CWE-522] in FortiSDNConnector may allow an authenticated user to ob...
FortiSDNConnector
1.1.7, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.0
Oct 05, 2021
Severity
Medium
IR Number: FG-IR-20-183
CVE-2021-36178
A clear text storage of sensitive information into log file vulnerability in FortiADCManager and FortiADC may allow a remo...
FortiADCManager
5.3.0, 5.2.1, 5.2.0
Apr 06, 2021
Severity
Medium
IR Number: FG-IR-19-244
CVE-2021-24024
An improper access control vulnerability in the admin SSH console of multiple products may allow an authenticated user to ...
FortiADC
5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiExtender
4.2.0
FortiManager
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiAnalyzer
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0
FortiPortal
5.3.2, 5.2.4
FortiDDoS-CM
5.2.0
FortiAP-C
5.4.2
FortiDDoS
5.2.0
FortiWLC
8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1
FortiADCManager
5.3.0
FortiSIEM
6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0
Jun 26, 2020
Severity
Medium
IR Number: FG-IR-19-292
CVE-2004-1653
VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before...
FortiOS
6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
FortiAnalyzer
6.2.0
FortiTester
3.5.0
FortiADC
5.2.2
FortiVoiceEnterprise
5.3.26, 5.3.25
FortiManager
6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0
FortiAuthenticator
6.1.3, 6.1.2, 6.1.1, 6.1.0
FortiRecorder
2.7.1, 2.6.3
FortiDDoS-CM
5.1.0
FortiADCManager
5.2.1
FortiMail
6.0.4, 5.4.9
FortiProxy
1.1.5, 1.1.2, 1.0.6
FortiWAN
5.2.0
Nov 14, 2019
Severity
Medium
IR Number: FG-IR-19-017
CVE-2019-5587
An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbi...
FortiExtender
4.1.1, 4.0.0, 3.3.3, 3.3.2, 3.3.1, 3.3.0, 3.2.4, 3.2.3, 3.2.2, 3.2.1, 3.1.2, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 0.4.10
Nov 01, 2019
Severity
Medium
IR Number: FG-IR-19-273
CVE-2019-15710