- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 19 FortiWAN
- 8 FortiOS
- 8 FortiManager
- 8 FortiAnalyzer
- 6 FortiSandbox
- 6 FortiADC
- 6 FortiAuthenticator
- 6 FortiVoiceEnterprise
- 6 AscenLink
- 5 FortiMail
- 5 FortiRecorder
- 5 FortiDDoS
- 5 FortiEDR
- 4 FortiWeb
- 4 FortiAP
- 4 FortiDB
- 3 FortiPortal
- 3 FortiWLC
- 3 FortiSwitch
- 3 FortiTester
- 3 FortiCache
- 3 FortiADCManager
- 3 FortiWAN-Manager
- 2 FortiProxy
- 2 FortiClientWindows
- 2 FortiSIEM
- 2 FortiClientEMS
- 2 FortiClientMac
- 2 FortiAP-W2
- 2 FortiTokenIOS
- 2 FortiClientAndroid
- 2 FortiDDoS-CM
- 2 SSL_VPN
- 1 FortiWLM
- 1 FortiAP-U
- 1 FortiExtender
- 1 FortiAP-C
- 1 FortiTokenAndroid
- 1 FSSO Windows CA
- 1 FortiClientiOS
- 1 FortiWebManager
- 1 Meru Controller
- 1 FSSO (all dist.)
- 1 FortiExplorer Windows
- 1 FortiSDNConnector
- 1 FortiVoice
- 0 FortiNAC
- 0 FortiSOAR
- 0 FortiAP-S
- 0 FortiDeceptor
- 0 FortiClientLinux
- 0 Meru AP
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiOS-6K7K
- 0 AV Engine
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiFone
- 0 FortiGuard
- 0 FortiNDR
- 0 FortiPresence
- 0 FortiTokenMobileWP
February
(1)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of...
FortiWAN
4.5.9, 4.5.8, 4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0, 4.4.1, 4.4.0, 4.3.1, 4.3.0, 4.2.7, 4.2.6, 4.2.5, 4.2.2, 4.2.1, 4.1.3, 4.1.2, 4.1.1, 4.0.6, 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Feb 16, 2023
Severity
High
IR Number: FG-IR-22-157
CVE-2022-33869
An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows may allow a pr...
FortiEDR
5.2.0, 5.1.0, 5.0.1, 5.0.0, 4.0.0
Nov 01, 2022
Severity
Medium
IR Number: FG-IR-22-218
CVE-2022-39949
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiEDR Central Manager may allo...
FortiEDR
5.1.0, 5.0.3, 5.0.1, 5.0.0, 4.0.0
Jul 05, 2022
Severity
Medium
IR Number: FG-IR-22-077
CVE-2022-29057
An improper control of a resource through its lifetime [CWE-664] vulnerability in FortiEDR Collector may allow a privilege...
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors may all...
FortiEDR
5.0.2, 5.0.1, 5.0.0, 4.0.0
Apr 05, 2022
Severity
Medium
IR Number: FG-IR-22-018
CVE-2022-23440
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR may allow an unauthenticated attacker on the net...
FortiEDR
5.0.2, 5.0.1, 5.0.0, 4.0.0
Apr 05, 2022
Severity
High
IR Number: FG-IR-22-019
CVE-2022-23441
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN may ...
Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in FortiWAN Web GUI ma...
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN may allow an unaut...
Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter...
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN may allow an attacker to...
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN may allow an attacker who has previous...
An insufficiently protected credentials vulnerability [CWE-522] in FortiSDNConnector may allow an authenticated user to ob...
FortiSDNConnector
1.1.7, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.0
Oct 05, 2021
Severity
Medium
IR Number: FG-IR-20-183
CVE-2021-36178
An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unp...
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0, 4.4.1, 4.4.0, 4.3.1, 4.3.0, 4.2.7, 4.2.6, 4.2.5, 4.2.2, 4.2.1, 4.1.3, 4.1.2, 4.1.1, 4.0.6, 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Jul 07, 2021
Severity
High
IR Number: FG-IR-21-069
CVE-2021-26115
A relative path traversal vulnerability (CWE-23) in FortiWAN may allow a remote non-authenticated attacker to delete files...
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0, 4.4.1, 4.4.0
AscenLink
7.2.9, 7.2.8, 7.2.7, 7.2.6, 7.2.5, 7.2.4, 7.2.3, 7.2.23, 7.2.22, 7.2.21, 7.2.20, 7.2.2, 7.2.19, 7.2.18, 7.2.17, 7.2.16, 7.2.15, 7.2.14, 7.2.13, 7.2.12, 7.2.11, 7.2.10
Apr 27, 2021
Severity
Critical
IR Number: FG-IR-21-048
CVE-2021-26102