- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 8 FortiWLC
- 7 FortiSIEM
- 3 FortiManager
- 3 FortiClientLinux
- 2 FortiOS
- 2 FortiAnalyzer
- 2 FortiPortal
- 2 FortiWAN
- 1 FortiWeb
- 1 FortiMail
- 1 FortiADC
- 1 FortiClientWindows
- 1 FortiAuthenticator
- 1 FortiSwitch
- 1 FortiAP
- 1 FortiAP-W2
- 1 FortiAP-S
- 1 FortiDDoS
- 1 FortiExtender
- 1 FortiADCManager
- 1 FortiAP-C
- 1 FortiDDoS-CM
- 0 FortiProxy
- 0 FortiSandbox
- 0 FortiNAC
- 0 FortiClientEMS
- 0 FortiClientMac
- 0 FortiRecorder
- 0 FortiSOAR
- 0 FortiTester
- 0 FortiVoiceEnterprise
- 0 FortiWLM
- 0 FortiAP-U
- 0 FortiDeceptor
- 0 AscenLink
- 0 FortiDB
- 0 FortiEDR
- 0 Meru AP
- 0 FortiCache
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice
April
(3)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux may allow an una...
FortiClientLinux
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Apr 05, 2022
Severity
Medium
IR Number: FG-IR-21-232
CVE-2021-44167
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux may allow a...
FortiClientLinux
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Apr 05, 2022
Severity
Medium
IR Number: FG-IR-21-226
CVE-2021-43205
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC may allow a local and authenticated attacker to cra...
FortiWLC
8.6.2, 8.6.1, 8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6
Apr 05, 2022
Severity
Medium
IR Number: FG-IR-21-002
CVE-2021-26093
An improper access control (CWE-284) vulnerability in FortiWLC may allow an unauthenticated and remote attacker to access ...
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3
Jun 03, 2021
Severity
Medium
IR Number: FG-IR-20-138
CVE-2021-32584
Multiple instances of stack-based buffer overflow vulnerability (CWE-121) in the command line interface of FortiWLC may al...
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6, 8.0.5
Jun 01, 2021
Severity
Medium
IR Number: FG-IR-21-001
CVE-2021-26094
An improper neutralization of input during web page generation in FortiWLC web interface may allow both authenticated remo...
FortiWLC
8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3
Jun 01, 2021
Severity
Medium
IR Number: FG-IR-20-137
CVE-2021-26087
A use of hard-coded password vulnerability in Meru AP may allow a remote authenticated attacker to access the system as ro...
FortiWLC
8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.2.7, 8.2.6
Jun 01, 2021
Severity
Medium
IR Number: FG-IR-20-147
CVE-2021-22126
An improper access control vulnerability in the admin SSH console of multiple products may allow an authenticated user to ...
FortiADC
5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiExtender
4.2.0
FortiManager
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiAnalyzer
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0
FortiPortal
5.3.2, 5.2.4
FortiDDoS-CM
5.2.0
FortiAP-C
5.4.2
FortiDDoS
5.2.0
FortiWLC
8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1
FortiADCManager
5.3.0
FortiSIEM
6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0
Jun 26, 2020
Severity
Medium
IR Number: FG-IR-19-292
CVE-2004-1653
An expression language injection vulnerability in FortiSIEM JBoss RichFaces library may allow a remote attacker to inject ...
An improper neutralization of input vulnerability in FortiWLC may allow a remote authenticated attacker to perform a store...
TCP stacks that lack RFC 5961 3.2 & 4.2 support (or have it disabled at application level) may allow remote attackers to g...
FortiAnalyzer
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiAuthenticator
6.2.2, 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.5.0
FortiWAN
4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0
FortiWLC
8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2, 8.4.1, 8.4.0
FortiOS
6.0.2, 5.4.1, 5.4.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0
FortiManager
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
May 20, 2020
Severity
Medium
IR Number: FG-IR-16-039
CVE-2004-0230
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated...
A privilege escalation vulnerability in FortiClient for Linux may allow a user with low privilege to run root system comma...
FortiClientLinux
6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Jan 27, 2020
Severity
Medium
IR Number: FG-IR-19-238
CVE-2019-15711
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule...
A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database ...
FortiSIEM
5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0, 4.9.0, 4.7.2, 4.10.0
Jan 13, 2020
Severity
Medium
IR Number: FG-IR-19-195
CVE-2019-16153