- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 24 FortiSandbox
- 7 FortiOS
- 7 FortiManager
- 6 FortiAnalyzer
- 6 FortiMail
- 5 FortiWeb
- 5 FortiADC
- 5 FortiWAN
- 4 FortiAuthenticator
- 4 FortiDDoS
- 4 FortiVoiceEnterprise
- 4 FortiAP
- 4 AscenLink
- 4 FortiDB
- 3 FortiClientWindows
- 3 FortiRecorder
- 3 FortiSwitch
- 3 FortiClientMac
- 3 FortiCache
- 2 FortiPortal
- 2 FortiClientEMS
- 2 FortiAP-W2
- 2 FortiTester
- 2 FortiClientAndroid
- 2 FortiClientiOS
- 2 FortiTokenIOS
- 2 FortiWAN-Manager
- 2 SSL_VPN
- 1 FortiProxy
- 1 FortiSIEM
- 1 FortiWLC
- 1 FortiWLM
- 1 FortiNDR
- 1 FortiAP-U
- 1 FortiDDoS-F
- 1 FortiTokenAndroid
- 1 FSSO Windows CA
- 1 FortiWebManager
- 1 Meru Controller
- 1 FSSO (all dist.)
- 1 FortiExplorer Windows
- 1 FortiGuard
- 1 FortiVoice
- 0 FortiNAC
- 0 FortiAP-S
- 0 FortiSOAR
- 0 FortiDeceptor
- 0 FortiClientLinux
- 0 FortiEDR
- 0 Meru AP
- 0 FortiADCManager
- 0 FortiDDoS-CM
- 0 FortiExtender
- 0 FortiIsolator
- 0 FortiSwitchManager
- 0 FortiAP-C
- 0 FortiSIEMWindowsAgent
- 0 FortiAnalyzer-BigData
- 0 FortiFone
- 0 FortiOS-6K7K
- 0 AV Engine
- 0 FSSO Windows DC Agent
- 0 FortiCloud
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
February
(1)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox may allow an attacke...
FortiSandbox
4.0.3, 4.0.2, 4.0.1, 4.0.0, 3.2.4, 3.2.3, 3.2.2, 3.2.1, 3.2.0
Feb 16, 2023
Severity
Medium
IR Number: FG-IR-20-220
CVE-2022-26115
An improper certificate validation vulnerability [CWE-295] in FortiOS, FortiAnalyzer, FortiManager, and FortiSandbox may a...
FortiAnalyzer
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
FortiManager
7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
FortiSandbox
4.0.2, 4.0.1, 4.0.0, 3.2.4, 3.2.3, 3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.7, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
FortiOS
6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.13, 6.2.12, 6.2.11, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10
Jun 07, 2022
Severity
Medium
IR Number: FG-IR-18-292
CVE-2022-22305
A missing cryptographic steps vulnerability [CWE-325] in the function that encrypts users' LDAP and RADIUS credentials in ...
FortiDDoS
5.5.1, 5.5.0, 5.4.2, 5.4.1, 5.4.0, 5.3.1, 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0, 4.5.0, 4.4.2, 4.4.1, 4.4.0
FortiMail
7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.13, 5.3.12, 5.3.10, 5.3.1, 5.3.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.10, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.11, 5.0.10, 5.0.1, 5.0.0
FortiWeb
6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
FortiNDR
1.5.3, 1.5.2, 1.5.1, 1.5.0, 1.4.0, 1.3.1, 1.3.0, 1.2.0, 1.1.0
FortiDDoS-F
6.3.0, 6.2.2, 6.2.1, 6.2.0, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0
FortiSandbox
3.2.2, 3.2.1, 3.2.0
FortiADC
6.2.0, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Dec 07, 2021
Severity
Medium
IR Number: FG-IR-20-222
CVE-2021-32591
A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox may allow an authenticated att...
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox may allow an attacker to reuse the unexpired ad...
An improper input validation vulnerability in the sniffer interface of FortiSandbox may allow an authenticated attacker to...
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authentica...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-198
CVE-2021-26097
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allo...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0
Aug 03, 2021
Severity
Medium
IR Number: FG-IR-20-209
CVE-2021-24014
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox may allow an authenticated attacker ...
FortiSandbox
3.2.2, 3.2.1, 3.2.0
Aug 03, 2021
Severity
Medium
IR Number: FG-IR-20-188
CVE-2021-26096
Improper limitation of a pathname to a restricted directory (CWE-22) vulnerabilities in FortiSandbox may allow an authenti...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-202
CVE-2021-24010
An instance of small space of random values in FortiSandbox RPC API may allow an attacker in possession of a few informati...
FortiSandbox
3.2.2, 3.2.1, 3.2.0
Aug 03, 2021
Severity
Medium
IR Number: FG-IR-20-218
CVE-2021-26098
Instances of SQL Injection vulnerabilities in FortiSandbox's checksum search and MTA-quarantine modules may allow an authe...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-171
CVE-2020-29011
An improper access control vulnerability (CWE-284) in FortiSandbox may allow an authenticated, unprivileged attacker to do...
An uncontrolled resource consumption (denial of service) vulnerability in FortiSandbox and FortiAuthenticator login module...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
FortiAuthenticator
6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.5.0, 5.4.1, 5.4.0, 5.3.1, 5.3.0, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.0, 4.3.4, 4.3.2, 4.3.1, 4.3.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-170
CVE-2021-22124
An instance of improper neutralization of special elements in FortiSandbox's sniffer module may allow an authenticated adm...
FortiSandbox
3.2.1, 3.1.0, 3.0.7, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
Jul 07, 2021
Severity
Medium
IR Number: FG-IR-21-005
CVE-2021-22125