Filter by Date
- 2023
  - 4 04-2023
  - 4 03-2023
  - 15 02-2023
  - 1 01-2023
- 2022
  - 1 11-2022
  - 2 09-2022
  - 1 08-2022
  - 2 07-2022
  - 1 06-2022
  - 4 05-2022
- 2021
  - 12 12-2021
  - 2 11-2021
  - 1 10-2021
  - 4 09-2021
  - 3 06-2021
  - 1 04-2021
  - 1 02-2021
  - 1 01-2021
- 2020
  - 1 12-2020
  - 2 10-2020
  - 2 09-2020
  - 1 07-2020
  - 1 06-2020
  - 1 05-2020
  - 3 03-2020
  - 2 02-2020
  - 1 01-2020
- 2019
  - 1 12-2019
  - 6 11-2019
  - 1 10-2019
  - 1 09-2019
  - 1 08-2019
  - 2 07-2019
  - 2 06-2019
  - 2 05-2019
  - 1 04-2019
  - 1 02-2019
- 2018
  - 1 07-2018
  - 1 06-2018
  - 2 05-2018
  - 1 04-2018
- 2017
  - 1 12-2017
  - 2 11-2017
  - 2 10-2017
  - 2 07-2017
  - 1 05-2017
  - 2 04-2017
- 2016
  - 1 12-2016
  - 1 11-2016
Filter by Severity
- 0 Critical
- 0 High
- 109 Medium
- 0 Low
- 0 Informational
Filter by Affected Product
- All
- 75 FortiOS
- 36 FortiWeb
- 20 FortiProxy
- 12 FortiManager
- 11 FortiAnalyzer
- 9 FortiMail
- 8 FortiClientEMS
- 8 FortiSwitch
- 6 FortiADC
- 5 FortiSandbox
- 5 FortiAuthenticator
- 5 FortiWAN
- 5 FortiRecorder
- 4 FortiClientWindows
- 4 FortiAP
- 4 FortiAP-W2
- 4 FortiVoiceEnterprise
- 3 FortiClientMac
- 3 FortiTester
- 3 FortiAP-S
- 3 FortiDB
- 3 FortiCache
- 2 FortiPortal
- 2 AscenLink
- 2 FortiDDoS
- 2 FortiTokenIOS
- 2 FortiClientAndroid
- 2 FortiClientiOS
- 2 SSL_VPN
- 1 FortiSIEM
- 1 FortiWLC
- 1 Meru AP
- 1 FortiADCManager
- 1 FortiTokenAndroid
- 1 FSSO Windows CA
- 1 FortiDDoS-CM
- 1 Meru Controller
- 1 AV Engine
- 1 FSSO (all dist.)
- 1 FortiExplorer Windows
- 1 FortiGuard
- 1 FortiVoice
- 0 FortiNAC
- 0 FortiSOAR
- 0 FortiWLM
- 0 FortiAP-U
- 0 FortiDeceptor
- 0 FortiClientLinux
- 0 FortiEDR
- 0 FortiExtender
- 0 FortiAP-C
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiWAN-Manager
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiFone
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2023: May , Apr , Mar , Feb , Jan
2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiGate - Policy-based NGFW SSL VPN mode doesn't filter accesses via Bookmarks

A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate Policy-based NGFW Mode may allow an authenticated...

FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0

Apr 11, 2023 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-381 CVE-2022-42469

FortiOS & FortiProxy - Anti brute-force bypass in administrative interface

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiOS & FortiProxy administrativ...

FortiProxy 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.12, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0 FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.10, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.12, 6.4.11, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.14, 6.2.13, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0

Apr 11, 2023 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-444 CVE-2022-43947

FortiOS & FortiProxy - Open redirect in sslvpnd

A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiOS and FortiProxy sslvpnd may allow ...

FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.12, 6.4.11, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.14, 6.2.13, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0 FortiProxy 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.12, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0

Apr 11, 2023 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-479 CVE-2023-22641

FortiWeb & FortiADC - OS command injection in CLI

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interprete...

FortiWeb 7.0.3, 7.0.2, 7.0.1, 7.0.0 FortiADC 7.1.1, 7.1.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.6, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0

Apr 11, 2023 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-186 CVE-2022-43948

FortiOS & FortiProxy - Access of NULL pointer in SSLVPNd

An access of uninitialized pointer vulnerability [CWE-824] in the SSL-VPN portal of FortiOS & FortiProxy may allow a remot...

FortiProxy 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5 FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.11, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.13, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0

Mar 07, 2023 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-477 CVE-2022-45861

FortiOS - Path traversal in execute command

A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiOS may all...

FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.11, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.13, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0

Mar 07, 2023 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-369 CVE-2022-41328

FortiOS / FortiProxy - Unauthenticated access to static files containing logging information

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS and FortiProxy administra...

FortiProxy 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.11, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.14, 6.2.13, 6.2.12, 6.2.11, 6.2.10

Mar 07, 2023 Severity black-background-circle-icon

Medium IR Number: FG-IR-22-364 CVE-2022-41329

FortiWeb and FortiRecorder - Arbitrary file read through command line pipe

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpret...

FortiRecorder 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 2.7.7, 2.7.6, 2.7.5, 2.7.4, 2.7.3, 2.7.2, 2.7.1, 2.7.0 FortiWeb 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Mar 07, 2023 Severity black-background-circle-icon

Medium IR Number: FG-IR-21-218 CVE-2022-22297

FortiOS & FortiProxy - Ability to modify privileges from Custom to Read-Write

An improper privilege management vulnerability [CWE-269] in FortiOS & FortiProxy may allow an administrator that has acces...

FortiOS 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.12, 6.4.11, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.14, 6.2.13, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0 FortiProxy 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.12, 2.0.11, 2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0