- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 12 FortiWLC
- 5 FortiManager
- 5 FortiAnalyzer
- 4 FortiOS
- 4 FortiAuthenticator
- 4 FortiWAN
- 3 FortiADC
- 2 FortiPortal
- 2 FortiAP
- 2 FortiVoiceEnterprise
- 2 FortiDDoS
- 2 FortiADCManager
- 2 FortiDDoS-CM
- 1 FortiWeb
- 1 FortiProxy
- 1 FortiMail
- 1 FortiSandbox
- 1 FortiSIEM
- 1 FortiRecorder
- 1 FortiTester
- 1 FortiWLM
- 1 AscenLink
- 1 FortiDB
- 1 Meru AP
- 1 FortiCache
- 1 FortiExtender
- 1 FortiAP-C
- 1 FortiWAN-Manager
- 1 FortiWebManager
- 1 Meru Controller
- 0 FortiClientWindows
- 0 FortiNAC
- 0 FortiClientEMS
- 0 FortiSwitch
- 0 FortiAP-W2
- 0 FortiClientMac
- 0 FortiSOAR
- 0 FortiAP-S
- 0 FortiAP-U
- 0 FortiDeceptor
- 0 FortiClientLinux
- 0 FortiEDR
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FSSO Windows CA
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice
April
(1)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC may allow a local and authenticated attacker to cra...
FortiWLC
8.6.2, 8.6.1, 8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6
Apr 05, 2022
Severity
Medium
IR Number: FG-IR-21-002
CVE-2021-26093
An improper access control vulnerability [CWE-284] in FortiWLC may allow an authenticated and remote attacker with low pri...
FortiWLC
8.6.1, 8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6, 8.0.5
Dec 07, 2021
Severity
High
IR Number: FG-IR-21-200
CVE-2021-42758
An improper access control (CWE-284) vulnerability in FortiWLC may allow an unauthenticated and remote attacker to access ...
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3
Jun 03, 2021
Severity
Medium
IR Number: FG-IR-20-138
CVE-2021-32584
Multiple instances of stack-based buffer overflow vulnerability (CWE-121) in the command line interface of FortiWLC may al...
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6, 8.0.5
Jun 01, 2021
Severity
Medium
IR Number: FG-IR-21-001
CVE-2021-26094
An improper neutralization of input during web page generation in FortiWLC web interface may allow both authenticated remo...
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3
Jun 01, 2021
Severity
Medium
IR Number: FG-IR-20-137
CVE-2021-26087
A use of hard-coded password vulnerability in Meru AP may allow a remote authenticated attacker to access the system as ro...
FortiWLC
8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.2.7, 8.2.6
Jun 01, 2021
Severity
Medium
IR Number: FG-IR-20-147
CVE-2021-22126
An improper access control vulnerability in the admin SSH console of multiple products may allow an authenticated user to ...
FortiADC
5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiExtender
4.2.0
FortiManager
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiAnalyzer
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0
FortiPortal
5.3.2, 5.2.4
FortiDDoS-CM
5.2.0
FortiAP-C
5.4.2
FortiDDoS
5.2.0
FortiWLC
8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1
FortiADCManager
5.3.0
FortiSIEM
6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0
Jun 26, 2020
Severity
Medium
IR Number: FG-IR-19-292
CVE-2004-1653
An improper neutralization of input vulnerability in FortiWLC may allow a remote authenticated attacker to perform a store...
TCP stacks that lack RFC 5961 3.2 & 4.2 support (or have it disabled at application level) may allow remote attackers to g...
FortiAnalyzer
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiAuthenticator
6.2.2, 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.5.0
FortiWAN
4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0
FortiWLC
8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0
FortiOS
6.0.2, 5.4.1, 5.4.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiManager
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
May 20, 2020
Severity
Medium
IR Number: FG-IR-16-039
CVE-2004-0230
VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before...
FortiOS
6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
FortiAnalyzer
6.2.0
FortiTester
3.5.0
FortiADC
5.2.2
FortiVoiceEnterprise
5.3.26, 5.3.25
FortiManager
6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0
FortiAuthenticator
6.1.3, 6.1.2, 6.1.1, 6.1.0
FortiRecorder
2.7.1, 2.6.3
FortiDDoS-CM
5.1.0
FortiADCManager
5.2.1
FortiMail
6.0.4, 5.4.9
FortiProxy
1.1.5, 1.1.2, 1.0.6
FortiWAN
5.2.0
Nov 14, 2019
Severity
Medium
IR Number: FG-IR-19-017
CVE-2019-5587
Multiple Fortinet products may be affected by the following Linux Kernel vulnerability:CVE-2016-10229 Linux Kernel ipv4/ud...
FortiManager
5.4.2
FortiAP
5.6.0, 5.4.2
FortiSandbox
3.0.7, 3.0.6, 3.0.5, 3.0.4
FortiAnalyzer
5.4.2
FortiWeb
5.7.3, 5.7.2
FortiADC
4.8.0
Meru Controller
8.4.5, 8.4.4
FortiWAN-Manager
4.3.0
FortiWAN
4.3.1
FortiPortal
5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.2.0, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0
FortiWebManager
6.0.0
FortiDDoS
4.3.2, 4.3.1
FortiOS
5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
FortiAuthenticator
5.0.0
FortiCache
4.2.2
FortiVoiceEnterprise
5.3.6
AscenLink
7.2.19
FortiWLM
8.4.0
FortiWLC
8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2
Jul 24, 2019
Severity
High
IR Number: FG-IR-17-118
CVE-2016-10229
Several vulnerabilities affect the Wi-Fi Protected Access II (WPA2) protocol, potentially enabling Man-in-the-Middle (MitM...
FortiWLC
8.3.2, 8.2.6
FortiAP
5.6.0, 5.4.3, 5.2.6
FortiOS
5.6.2, 5.6.1, 5.6.0, 5.4.8, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0, 5.0.6
Meru AP
8.3.2
Oct 16, 2017
Severity
High
IR Number: FG-IR-17-196
CVE-2017-13082
An exploit has been discovered in GNU Bourne Again Shell (Bash) versions 1.14.0 through 4.3. This vulnerability may allow...
FortiAnalyzer
5.2.0, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0
FortiManager
5.2.0, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3.0, 4.2.9, 4.2.8, 4.2.7, 4.2.6, 4.2.5, 4.2.4, 4.2.2, 4.2.1, 4.2.0, 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.0.3, 4.0.2, 4.0.1, 4.0.0
FortiAuthenticator
3.1.1, 3.1.0, 3.0.3, 3.0.0, 2.2.0, 2.1.0, 1.3.1, 1.3.0, 1.2.1, 1.2.0, 1.1.0, 1.0.0
FortiDB
5.1.1, 5.1.0, 5.0.0, 4.4.3, 4.4.2, 4.4.1, 4.4.0, 4.3.2, 4.0.1, 4.0.0, 3.2.7, 3.2.6, 3.2.5, 3.2.4, 3.2.3, 3.2.1, 0.4.10
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6, 8.0.5
Sep 25, 2014
Severity
High
IR Number: FG-IR-14-030
CVE-2014-6277