- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 13 FortiSIEM
- 4 FortiManager
- 3 FortiProxy
- 3 FortiAnalyzer
- 3 FortiMail
- 3 FortiADC
- 3 FortiPortal
- 3 FortiAuthenticator
- 3 FortiWAN
- 2 FortiOS
- 2 FortiSandbox
- 2 FortiClientWindows
- 2 FortiSwitch
- 2 FortiAP
- 2 FortiAP-W2
- 2 FortiRecorder
- 2 FortiVoiceEnterprise
- 2 FortiADCManager
- 2 FortiDDoS-CM
- 1 FortiWeb
- 1 FortiWLC
- 1 FortiTester
- 1 FortiAP-S
- 1 FortiAP-U
- 1 AscenLink
- 1 FortiDDoS
- 1 FortiExtender
- 1 FortiAP-C
- 1 FortiWAN-Manager
- 0 FortiNAC
- 0 FortiClientEMS
- 0 FortiClientMac
- 0 FortiSOAR
- 0 FortiWLM
- 0 FortiDeceptor
- 0 FortiClientLinux
- 0 FortiDB
- 0 FortiEDR
- 0 Meru AP
- 0 FortiCache
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FSSO Windows CA
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice
April
(1)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
A security advisory was released affecting a version of the Linux Kernel used in FortiAuthenticator, FortiProxy & FortiSIE...
FortiSIEM
6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0
FortiProxy
7.0.3, 7.0.2, 7.0.1, 7.0.0
FortiAuthenticator
6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0
Apr 11, 2023
Severity
High
IR Number: FG-IR-22-050
CVE-2022-0847
An improper authentification vulnerability [CWE-287] in FortiSIEM may allow a local attacker with CLI access to perform op...
FortiSIEM
6.4.2, 6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0
Nov 01, 2022
Severity
High
IR Number: FG-IR-22-064
CVE-2022-26119
An improper access control vulnerability in the admin SSH console of multiple products may allow an authenticated user to ...
FortiADC
5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiExtender
4.2.0
FortiManager
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiAnalyzer
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0
FortiPortal
5.3.2, 5.2.4
FortiDDoS-CM
5.2.0
FortiAP-C
5.4.2
FortiDDoS
5.2.0
FortiWLC
8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1
FortiADCManager
5.3.0
FortiSIEM
6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0
Jun 26, 2020
Severity
Medium
IR Number: FG-IR-19-292
CVE-2004-1653
An expression language injection vulnerability in FortiSIEM JBoss RichFaces library may allow a remote attacker to inject ...
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated...
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule...
A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH...
A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database ...
FortiSIEM
5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0, 4.9.0, 4.7.2, 4.10.0
Jan 13, 2020
Severity
Medium
IR Number: FG-IR-19-195
CVE-2019-16153
TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479
CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCP_SKB_CB(skb)->tcp_gso_segs...
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0, 4.4.1
FortiManager
6.2.0, 6.0.7, 6.0.6, 6.0.5
FortiSwitch
6.2.2, 6.2.1, 6.0.4, 3.6.11, 3.6.10
FortiAP-W2
6.2.0, 6.0.6, 6.0.5
FortiVoiceEnterprise
5.3.26, 5.3.25, 5.3.24, 5.3.23, 5.3.22, 5.3.21
FortiPortal
5.2.3
FortiMail
6.0.5, 5.4.9
FortiAuthenticator
6.0.1
FortiSandbox
3.0.7, 3.0.6, 3.0.5, 3.0.4
FortiWAN-Manager
4.5.1
AscenLink
7.2.23
FortiSIEM
5.2.2
FortiAP-U
5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.0
FortiRecorder
2.7.4
FortiAP
6.0.5
FortiADC
5.3.1, 5.2.4, 5.1.6
FortiAnalyzer
6.2.0, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiProxy
1.1.3
Nov 29, 2019
Severity
High
IR Number: FG-IR-19-180
CVE-2019-11477
VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before...
FortiOS
6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
FortiAnalyzer
6.2.0
FortiTester
3.5.0
FortiADC
5.2.2
FortiVoiceEnterprise
5.3.26, 5.3.25
FortiManager
6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0
FortiAuthenticator
6.1.3, 6.1.2, 6.1.1, 6.1.0
FortiRecorder
2.7.1, 2.6.3
FortiDDoS-CM
5.1.0
FortiADCManager
5.2.1
FortiMail
6.0.4, 5.4.9
FortiProxy
1.1.5, 1.1.2, 1.0.6
FortiWAN
5.2.0
Nov 14, 2019
Severity
Medium
IR Number: FG-IR-19-017
CVE-2019-5587
An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated ...
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious use...
FortiSandbox
3.1.2, 3.1.1, 3.1.0
FortiClientWindows
5.6.4, 5.4.4
FortiSIEM
4.10.0
Aug 26, 2019
Severity
Low
IR Number: FG-IR-18-002
CVE-2017-5753
FortiSwitch is vulnerable to multiple Cross-site Scripting (XSS) attacks present in the jQuery javascript libraryCVE-2015-...
FortiMail
6.0.0, 5.4.5
FortiSIEM
5.2.8
FortiClientWindows
6.0.0
FortiSwitch
6.0.2, 6.0.1, 3.6.8
FortiAP
5.6.3
FortiWeb
6.0.1
FortiOS
6.0.1
FortiPortal
4.2.2
FortiManager
5.6.3
FortiAP-S
5.6.2
FortiAP-W2
5.6.2
Apr 10, 2019
Severity
Medium
IR Number: FG-IR-18-013
CVE-2015-9251
An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LD...
FortiSIEM
5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0, 4.9.0, 4.10.0
Mar 29, 2019
Severity
Low
IR Number: FG-IR-18-382
CVE-2018-13378