Filter by Date
- 2023
  - 1 03-2023
- 2022
  - 1 09-2022
- 2021
  - 3 06-2021
  - 1 05-2021
  - 1 04-2021
  - 4 03-2021
  - 2 02-2021
- 2020
  - 1 07-2020
  - 1 02-2020
- 2019
  - 3 11-2019
  - 1 04-2019
- 2018
  - 1 07-2018
  - 1 04-2018
- 2017
  - 1 04-2017
Filter by Severity
- 0 Critical
- 0 High
- 22 Medium
- 0 Low
- 0 Informational
Filter by Affected Product
- All
- 17 FortiProxy
- 12 FortiOS
- 5 FortiAP
- 4 FortiManager
- 4 FortiAnalyzer
- 4 FortiADC
- 4 FortiMail
- 4 FortiSwitch
- 3 FortiWeb
- 3 FortiClientWindows
- 3 FortiWAN
- 3 FortiTester
- 3 FortiAP-W2
- 3 FortiRecorder
- 3 FortiVoiceEnterprise
- 2 FortiSandbox
- 2 FortiAuthenticator
- 2 FortiClientEMS
- 2 FortiClientMac
- 2 FortiAP-S
- 2 AscenLink
- 2 FortiDB
- 2 FortiDDoS
- 2 FortiCache
- 2 FortiTokenIOS
- 2 FortiClientAndroid
- 2 SSL_VPN
- 1 FortiPortal
- 1 FortiSIEM
- 1 FortiAP-U
- 1 FortiADCManager
- 1 FortiTokenAndroid
- 1 FSSO Windows CA
- 1 FortiClientiOS
- 1 FortiDDoS-CM
- 1 FSSO (all dist.)
- 1 FortiExplorer Windows
- 1 FortiVoice
- 0 FortiNAC
- 0 FortiWLC
- 0 FortiSOAR
- 0 FortiWLM
- 0 FortiDeceptor
- 0 FortiClientLinux
- 0 FortiEDR
- 0 FortiExtender
- 0 Meru AP
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiWAN-Manager
- 0 FortiAP-C
- 0 FortiSwitchManager
- 0 FortiWebManager
- 0 Meru Controller
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiFone
- 0 FortiGuard
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2023: May , Apr , Mar , Feb , Jan
2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiOS & FortiProxy - Access of NULL pointer in SSLVPNd

An access of uninitialized pointer vulnerability [CWE-824] in the SSL-VPN portal of FortiOS & FortiProxy may allow a remot...

FortiProxy 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5 FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.11, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.13, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0

Mar 07, 2023 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-477 CVE-2022-45861

FortiOS -- XSS vulnerability observed in External Connectors Of Security Fabric

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS may allow an authenticate...

FortiOS 7.2.0, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0 FortiProxy 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0

Sep 06, 2022 Severity black-background-circle-icon

Medium IR Number: FG-IR-21-222 CVE-2021-43080

FortiGate & FortiADC - Read-only admins can obtain the LDAP credentials configured in the FortiGate and FortiADC using the LDAP test connectivity feature

FortiGate's and FortiADC's read-only admins are able to point an LDAP server connectivity test request to a rogue LDAP se...

FortiADC 6.1.0, 6.0.2, 6.0.1, 6.0.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0 FortiOS 6.0.2, 6.0.1, 6.0.0, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0 FortiProxy 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0

Jun 01, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-18-157 CVE-2018-13374

FortiOS/FortiProxy - SSL VPN portal is vulnerable to an XSS

Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cro...

FortiProxy 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0 FortiOS 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10

Jun 01, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-20-199 CVE-2021-26092

FortiProxy - Stack-based Buffer overflow vulnerability through the diagnose sys cpuset CLI command

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI may allow an authenticated, remote attack...

FortiProxy 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0

Jun 01, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-21-006 CVE-2021-22130

XSS vulnerability in FortiProxy SSLVPN Portal

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy may allow a remote auth...

FortiProxy 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0

May 05, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-20-226 CVE-2019-15706

FortiProxy - HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability

A stack-based buffer overflow vulnerability in the HTTPD daemon of FortiProxy may allow an authenticated remote attacker t...

FortiProxy 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0

Apr 06, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-21-007 CVE-2019-17656

FortiProxy multiple pre-auth XSS vulnerabilities on SSL VPN

An Improper Neutralization of Input During Web Page Generation in the SSL VPN portal of FortiProxy may allow an unauthenti...

FortiProxy 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6

Mar 02, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-20-230 CVE-2018-13380

FortiProxy SSL VPN user credential plaintext storage

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiProxy SSL VPN may allow an attacker to retrieve a...

FortiProxy 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6

Mar 02, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-20-224 CVE-2019-17655

FortiProxy SSL-VPN Improper Access Control vulnerability through the Quick connection functionality

An improper access control vulnerability in FortiProxy SSL VPN portal may allow an authenticated, remote attacker to acces...

FortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6

Mar 02, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-20-235 CVE-2021-22128

Potential sensitive information can be displayed in cleartext in FortiProxy CLI window

A cleartext storage of sensitive information vulnerability in FortiProxy command line interface may allow an authenticated...

FortiProxy 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6

Mar 02, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-20-236 CVE-2020-6648

Buffer overflow vulnerability in FortiProxy SSL VPN through a crafted POST request

A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perfo...

FortiProxy 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6

Feb 03, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-20-232 CVE-2018-13381

FortiProxy SSL VPN buffer overflow when parsing javascript href content

A heap buffer overflow vulnerability in the FortiProxy SSL VPN web portal may cause the SSL VPN web service termination fo...

FortiProxy 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6

Feb 03, 2021 Severity black-background-circle-icon

Medium IR Number: FG-IR-20-229 CVE-2018-13383

FortiOS SSL VPN 2FA bypass by changing username case

An improper authentication vulnerability in SSL VPN in FortiOS may result in a user being able to log in successfully with...

FortiProxy 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0 FortiOS 6.4.0, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Jul 13, 2020 Severity black-background-circle-icon

Medium IR Number: FG-IR-19-283 CVE-2020-12812

FortiAP system command injection through ifconfig command

A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arb...

FortiAP-U 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.0 FortiAP-W2 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0 FortiAP 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.3, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.11, 5.0.10, 5.0.1, 5.0.0 FortiAP-S 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3

Feb 10, 2020 Severity black-background-circle-icon

Medium IR Number: FG-IR-19-209 CVE-2019-15708

Network

Files and Endpoint

Application

Additional SOC Services

Refine
RESET

PSIRT Advisories

Monthly PSIRT Advisories

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

Refine RESET

PSIRT Advisories

Monthly PSIRT Advisories

Refine
RESET