Filter by Date
- 2022
  - 1 09-2022
- 2021
  - 1 07-2021
- 2020
  - 1 05-2020
  - 1 02-2020
  - 1 01-2020
- 2019
  - 2 04-2019
- 2018
  - 1 07-2018
Filter by Severity
- 0 Critical
- 2 High
- 6 Medium
- 0 Low
- 0 Informational
Filter by Affected Product
- All
- 7 FortiAP-W2
- 7 FortiAP-S
- 5 FortiAP
- 3 FortiOS
- 3 FortiAP-U
- 2 FortiManager
- 2 FortiWeb
- 2 FortiMail
- 2 FortiClientWindows
- 2 FortiSwitch
- 1 FortiAnalyzer
- 1 FortiADC
- 1 FortiSandbox
- 1 FortiPortal
- 1 FortiWAN
- 1 FortiSIEM
- 1 FortiClientEMS
- 1 FortiClientMac
- 1 FortiTester
- 1 FortiRecorder
- 1 FortiVoiceEnterprise
- 1 AscenLink
- 1 FortiDB
- 1 FortiDDoS
- 1 FortiCache
- 1 Meru AP
- 1 FortiTokenAndroid
- 1 FortiTokenIOS
- 1 FortiClientAndroid
- 1 FortiClientiOS
- 1 Meru Controller
- 1 SSL_VPN
- 1 FSSO (all dist.)
- 1 FortiVoice
- 0 FortiProxy
- 0 FortiAuthenticator
- 0 FortiNAC
- 0 FortiWLC
- 0 FortiSOAR
- 0 FortiWLM
- 0 FortiDeceptor
- 0 FortiClientLinux
- 0 FortiEDR
- 0 FortiExtender
- 0 FortiADCManager
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiAP-C
- 0 FortiDDoS-CM
- 0 FortiSwitchManager
- 0 FortiWebManager
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiNDR
- 0 FortiOS-6K7K
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2023: May , Apr , Mar , Feb , Jan
2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiAP & FortiAP-S & FortiAP-W2 & FortiAP-U - Command injection in CLI

An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line i...

FortiAP 7.2.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0 FortiAP-W2 7.2.0, 7.0.3, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0 FortiAP-U 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.0 FortiAP-S 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Sep 06, 2022 Severity black-background-circle-icon

High IR Number: FG-IR-21-163 CVE-2022-29058

FortiAP - OS command Injection through kdbg CLI command

An instance of improper neutralization of special elements used in an OS Command found in FortiAP's console may allow an a...

FortiAP 6.4.5, 6.4.4, 6.4.3, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0 FortiAP-W2 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.2.5, 6.2.4 FortiAP-S 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.2.5, 6.2.4

Jul 07, 2021 Severity black-background-circle-icon

High IR Number: FG-IR-20-210 CVE-2021-26106

FortiAP system files overwrite via the tcpdump CLI command

An improper input validation (CWE-20) vulnerability in FortiAP CLI admin console may allow unauthorized administrators to ...

FortiAP-U 6.0.1, 6.0.0, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.0 FortiAP-W2 6.2.2, 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0 FortiAP-S 6.2.2, 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3

May 25, 2020 Severity black-background-circle-icon

Medium IR Number: FG-IR-19-298 CVE-2019-15709

FortiAP system command injection through ifconfig command

A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arb...

FortiAP-U 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.0 FortiAP-W2 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0 FortiAP 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.3, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.11, 5.0.10, 5.0.1, 5.0.0 FortiAP-S 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3

Feb 10, 2020 Severity black-background-circle-icon

Medium IR Number: FG-IR-19-209 CVE-2019-15708

Dragonblood vulnerabilities in WiFi WPA3 standard implementation

Multiple vulnerabilities, referred to as Dragonblood, exist in WiFi WPA3 standard implementation .Dragonblood vulnerabilit...

FortiAP-S 6.2.1, 6.2.0 Meru Controller 8.5.0 FortiAP-W2 6.2.1, 6.2.0 FortiOS 6.2.2, 6.2.1, 6.2.0 Meru AP 8.5.0

Jan 03, 2020 Severity black-background-circle-icon

Medium IR Number: FG-IR-19-107 CVE-2019-9494

FortiAP Bleeding Bit Vulnerability

Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiF...

FortiAP-S 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.3, 5.6.2, 5.6.1, 5.6.0 FortiAP-W2 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.3, 5.6.2, 5.6.1, 5.6.0

Apr 10, 2019 Severity black-background-circle-icon

Medium IR Number: FG-IR-18-356 CVE-2018-16986

FortiSwitch multiple XSS vulnerabilities in the jQuery library

FortiSwitch is vulnerable to multiple Cross-site Scripting (XSS) attacks present in the jQuery javascript libraryCVE-2015-...

FortiMail 6.0.0, 5.4.5 FortiSIEM 5.2.8 FortiClientWindows 6.0.0 FortiSwitch 6.0.2, 6.0.1, 3.6.8 FortiAP 5.6.3 FortiWeb 6.0.1 FortiOS 6.0.1 FortiPortal 4.2.2 FortiManager 5.6.3 FortiAP-S 5.6.2 FortiAP-W2 5.6.2

Apr 10, 2019 Severity black-background-circle-icon

Medium IR Number: FG-IR-18-013 CVE-2015-9251

OpenSSL Security Advisory [26 Jan 2017]

The OpenSSL project released an advisory on Jan 26th, 2017, describing 3 Moderate, 1 Low severity vulnerabilities, as list...

FortiWeb 5.7.0 FortiVoiceEnterprise 5.3.4 FortiDB 5.1.11 FortiClientMac 5.4.2 FortiClientEMS 1.0.3 FortiClientAndroid 5.4.0 FortiSandbox 2.3.3 FortiAnalyzer 5.4.2, 5.2.10 FortiMail 5.3.8, 5.2.9 FortiSwitch 3.5.0 FortiDDoS 4.3.0 FortiClientiOS 5.4.3 AscenLink 7.2.18 FortiTester 2.8.0 FortiTokenAndroid 3.0.4 FortiADC 4.7.1 FortiWAN 4.3.1 FortiClientWindows 5.4.2 FortiOS 5.4.5, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0 FortiVoice 5.2.2 FortiCache 4.1.5, 0.4.20 FortiManager 5.4.2, 5.2.10 FSSO (all dist.) 5.0.254 FortiRecorder 2.5.1, 2.4.3 FortiAP 5.4.1 SSL_VPN 4.0.2328 FortiTokenIOS 3.0.5

Jul 13, 2018 Severity black-background-circle-icon

Medium IR Number: FG-IR-17-019 CVE-2016-7055

Network

Files and Endpoint

Application

Additional SOC Services

Refine
RESET

PSIRT Advisories

Monthly PSIRT Advisories

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

Refine RESET

PSIRT Advisories

Monthly PSIRT Advisories

Refine
RESET