- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 13 FortiSIEM
- 10 FortiTester
- 6 FortiManager
- 6 FortiAnalyzer
- 5 FortiMail
- 5 FortiADC
- 5 FortiWAN
- 4 FortiOS
- 4 FortiSandbox
- 4 FortiClientWindows
- 4 FortiAuthenticator
- 4 FortiSwitch
- 4 FortiAP
- 4 FortiRecorder
- 4 FortiVoiceEnterprise
- 3 FortiWeb
- 3 FortiProxy
- 3 FortiPortal
- 3 FortiAP-W2
- 3 AscenLink
- 3 FortiDDoS
- 3 FortiADCManager
- 3 FortiIsolator
- 2 FortiClientEMS
- 2 FortiClientMac
- 2 FortiDB
- 2 FortiCache
- 2 FortiTokenIOS
- 2 FortiClientAndroid
- 2 FortiDDoS-CM
- 2 SSL_VPN
- 1 FortiWLC
- 1 FortiAP-S
- 1 FortiAP-U
- 1 FortiExtender
- 1 FortiAP-C
- 1 FortiTokenAndroid
- 1 FortiWAN-Manager
- 1 FSSO Windows CA
- 1 FortiClientiOS
- 1 FSSO (all dist.)
- 1 FortiExplorer Windows
- 1 FortiVoice
- 0 FortiNAC
- 0 FortiSOAR
- 0 FortiWLM
- 0 FortiDeceptor
- 0 FortiClientLinux
- 0 FortiEDR
- 0 Meru AP
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 Meru Controller
- 0 AV Engine
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiFone
- 0 FortiGuard
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
April
(1)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
A security advisory was released affecting a version of the Linux Kernel used in FortiAuthenticator, FortiProxy & FortiSIE...
FortiSIEM
6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0
FortiProxy
7.0.3, 7.0.2, 7.0.1, 7.0.0
FortiAuthenticator
6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0
Apr 11, 2023
Severity
High
IR Number: FG-IR-22-050
CVE-2022-0847
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-7...
FortiTester
7.1.0, 7.0.0, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.9.1, 3.9.0, 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.5.0, 3.4.0, 3.3.1, 3.3.0, 3.2.0, 3.1.0, 3.0.0, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.1, 2.4.0, 2.3.0
Jan 03, 2023
Severity
High
IR Number: FG-IR-22-274
CVE-2022-35845
An improper authentification vulnerability [CWE-287] in FortiSIEM may allow a local attacker with CLI access to perform op...
FortiSIEM
6.4.2, 6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0
Nov 01, 2022
Severity
High
IR Number: FG-IR-22-064
CVE-2022-26119
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interprete...
FortiTester
7.1.0, 7.0.0, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.9.1, 3.9.0, 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.5.0, 3.4.0, 3.3.1, 3.3.0, 3.2.0, 3.1.0, 3.0.0
Nov 01, 2022
Severity
High
IR Number: FG-IR-22-070
CVE-2022-33870
A hidden functionality vulnerability [CWE-1242] in FortiTester CLI may allow a local, privileged user to obtain a root she...
FortiTester
7.1.0, 7.0.0, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.9.1, 3.9.0, 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.5.0, 3.4.0, 3.3.1, 3.3.0, 3.2.0, 3.1.0, 3.0.0, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.1, 2.4.0, 2.3.0
Nov 01, 2022
Severity
Medium
IR Number: FG-IR-22-283
CVE-2022-38372
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of...
FortiTester
7.1.0, 7.0.0, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.9.1, 3.9.0, 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.5.0, 3.4.0, 3.3.1, 3.3.0, 3.2.0, 3.1.0, 3.0.0, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.1, 2.4.0, 2.3.0
Oct 10, 2022
Severity
Medium
IR Number: FG-IR-22-247
CVE-2022-35844
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port may allow ...
FortiTester
7.1.1, 7.1.0, 7.0.0, 4.2.1, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.9.2, 3.9.1, 3.9.0, 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.5.0, 3.4.0, 3.3.1, 3.3.0, 3.2.0, 3.1.0, 3.0.0, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.1, 2.4.0, 2.3.0
Oct 10, 2022
Severity
High
IR Number: FG-IR-22-244
CVE-2022-35846
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-7...
FortiTester
7.1.0, 7.0.0, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.9.1, 3.9.0, 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.5.0, 3.4.0, 3.3.1, 3.3.0, 3.2.0, 3.1.0, 3.0.0, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.1, 2.4.0, 2.3.0
Oct 10, 2022
Severity
Critical
IR Number: FG-IR-22-237
CVE-2022-33873
An improper access control vulnerability [CWE-284] in FortiIsolator may allow an authenticated, non privileged attacker to...
A clear text storage of sensitive information into log file vulnerability in FortiADCManager and FortiADC may allow a remo...
FortiADCManager
5.3.0, 5.2.1, 5.2.0
Apr 06, 2021
Severity
Medium
IR Number: FG-IR-19-244
CVE-2021-24024
An insufficient session expiration vulnerability in FortiIsolator may allow an attacker to reuse the unexpired admin user ...
An improper neutralization of input vulnerability in FortiAnalyzer and FortiTester may allow a remote authenticated attack...
FortiTester
3.8.0, 3.7.0
FortiAnalyzer
6.4.0, 6.2.3
Sep 21, 2020
Severity
Medium
IR Number: FG-IR-20-054
CVE-2020-12815
An improper access control vulnerability in the admin SSH console of multiple products may allow an authenticated user to ...
FortiADC
5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiExtender
4.2.0
FortiManager
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiAnalyzer
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0
FortiPortal
5.3.2, 5.2.4
FortiDDoS-CM
5.2.0
FortiAP-C
5.4.2
FortiDDoS
5.2.0
FortiWLC
8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1
FortiADCManager
5.3.0
FortiSIEM
6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0
Jun 26, 2020
Severity
Medium
IR Number: FG-IR-19-292
CVE-2004-1653
An expression language injection vulnerability in FortiSIEM JBoss RichFaces library may allow a remote attacker to inject ...
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated...