- Filter by Date
- Filter by Severity
-
Filter by Affected Product
- All
- 8 FortiSandbox
- 7 FortiManager
- 7 FortiAnalyzer
- 4 FortiAuthenticator
- 3 FortiOS
- 3 FortiPortal
- 3 FortiClientLinux
- 2 FortiProxy
- 2 FortiADC
- 2 FortiWAN
- 2 FortiWLC
- 2 FortiAP
- 2 FortiVoiceEnterprise
- 2 AscenLink
- 2 FortiDB
- 2 FortiWAN-Manager
- 1 FortiMail
- 1 FortiWeb
- 1 FortiClientWindows
- 1 FortiSIEM
- 1 FortiClientEMS
- 1 FortiClientMac
- 1 FortiAP-W2
- 1 FortiSwitch
- 1 FortiRecorder
- 1 FortiWLM
- 1 FortiAP-U
- 1 FortiDeceptor
- 1 FortiDDoS
- 1 FortiCache
- 1 FortiWebManager
- 1 Meru Controller
- 0 FortiNAC
- 0 FortiSOAR
- 0 FortiTester
- 0 FortiAP-S
- 0 FortiEDR
- 0 Meru AP
- 0 FortiExtender
- 0 FortiADCManager
- 0 FortiAP-C
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FSSO Windows CA
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiDDoS-CM
- 0 FortiOS-6K7K
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiNDR
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice
April
(1)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An improper privilege management vulnerability [CWE-269] in FortiSandbox & FortiDeceptor may allow a remote authenticated ...
FortiDeceptor
4.1.0, 4.0.2, 4.0.1, 4.0.0, 3.3.3, 3.3.2, 3.3.1, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 2.1.0, 2.0.0, 1.1.0, 1.0.1, 1.0.0
FortiSandbox
4.2.2, 4.2.1, 4.2.0, 4.0.2, 4.0.1, 4.0.0, 3.2.3, 3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.7, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 2.5.2, 2.5.1, 2.5.0
Apr 11, 2023
Severity
High
IR Number: FG-IR-22-056
CVE-2022-27487
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiManager and FortiAnalyzer re...
FortiAnalyzer
7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
FortiManager
7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
Nov 01, 2022
Severity
High
IR Number: FG-IR-21-228
CVE-2022-39950
A buffer copy without checking size of input ('Classic Buffer Overflow')Â vulnerability [CWE-120] in FortiAnalyzer, Forti...
FortiManager
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiAnalyzer
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiOS
7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0
FortiProxy
7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0
Jul 05, 2022
Severity
High
IR Number: FG-IR-21-206
CVE-2021-43072
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS and an improper certifica...
FortiClientLinux
7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
FortiClientMac
7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1
FortiClientEMS
7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
FortiClientWindows
7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
Dec 07, 2021
Severity
High
IR Number: FG-IR-21-075
CVE-2021-41028
An OS command injection (CWE-78)Â vulnerability in FortiClient for Linux may allow an unauthenticated, network-adjacent at...
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI may allow a remote and...
FortiManager
7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiAnalyzer
7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-21-050
CVE-2021-32603
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager, FortiAnalyzer, and F...
FortiAnalyzer
6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiManager
6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiPortal
6.0.4
Aug 03, 2021
Severity
High
IR Number: FG-IR-21-037
CVE-2021-26104
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authentic...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-198
CVE-2021-26097
Improper limitation of a pathname to a restricted directory (CWE-22) vulnerabilities in FortiSandbox may allow an authenti...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.5, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-202
CVE-2021-24010
Instances of SQL Injection vulnerabilities in FortiSandbox's checksum search and MTA-quarantine modules may allow an authe...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-171
CVE-2020-29011
An uncontrolled resource consumption (denial of service) vulnerability in FortiSandbox and FortiAuthenticator login module...
FortiSandbox
3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
FortiAuthenticator
6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.5.0, 5.4.1, 5.4.0, 5.3.1, 5.3.0, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.0, 4.3.4, 4.3.2, 4.3.1, 4.3.0
Aug 03, 2021
Severity
High
IR Number: FG-IR-20-170
CVE-2021-22124
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux may allow local users to...
FortiClientLinux
6.4.0, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Oct 19, 2020
Severity
High
IR Number: FG-IR-20-110
CVE-2020-15934
TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479
CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16 bit width of TCP_SKB_CB(skb)->tcp_gso_segs...
FortiWAN
4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0, 4.4.1
FortiManager
6.2.0, 6.0.7, 6.0.6, 6.0.5
FortiSwitch
6.2.2, 6.2.1, 6.0.4, 3.6.11, 3.6.10
FortiAP-W2
6.2.0, 6.0.6, 6.0.5
FortiVoiceEnterprise
5.3.26, 5.3.25, 5.3.24, 5.3.23, 5.3.22, 5.3.21
FortiPortal
5.2.3
FortiMail
6.0.5, 5.4.9
FortiAuthenticator
6.0.1
FortiSandbox
3.0.7, 3.0.6, 3.0.5, 3.0.4
FortiWAN-Manager
4.5.1
AscenLink
7.2.23
FortiSIEM
5.2.2
FortiAP-U
5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.0
FortiRecorder
2.7.4
FortiAP
6.0.5
FortiADC
5.3.1, 5.2.4, 5.1.6
FortiAnalyzer
6.2.0, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiProxy
1.1.3
Nov 29, 2019
Severity
High
IR Number: FG-IR-19-180
CVE-2019-11477
Multiple Fortinet products may be affected by the following Linux Kernel vulnerability:CVE-2016-10229 Linux Kernel ipv4/ud...
FortiManager
5.4.2
FortiAP
5.6.0, 5.4.2
FortiSandbox
3.0.7, 3.0.6, 3.0.5, 3.0.4
FortiAnalyzer
5.4.2
FortiWeb
5.7.3, 5.7.2
FortiADC
4.8.0
Meru Controller
8.4.5, 8.4.4
FortiWAN-Manager
4.3.0
FortiWAN
4.3.1
FortiPortal
5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.2.0, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0
FortiWebManager
6.0.0
FortiDDoS
4.3.2, 4.3.1
FortiOS
5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
FortiAuthenticator
5.0.0
FortiCache
4.2.2
FortiVoiceEnterprise
5.3.6
AscenLink
7.2.19
FortiWLM
8.4.0
FortiWLC
8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2
Jul 24, 2019
Severity
High
IR Number: FG-IR-17-118
CVE-2016-10229
Of multiple vulnerabilities released affecting Linux kernels through 4.6.3, FortiOS was found vulnerable to the following ...
FortiSandbox
2.3.0, 2.2.2, 2.2.1, 2.2.0, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.4.3, 1.4.2, 1.4.1, 1.4.0, 1.3.0, 1.2.3, 1.2.0, 1.1.0
FortiOS
5.4.1, 5.4.0
FortiDB
5.1.9, 5.1.8, 5.1.7, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.0, 4.4.3, 4.4.2, 4.4.1, 4.4.0, 4.3.2, 4.0.1, 4.0.0, 3.2.7, 3.2.6, 3.2.5, 3.2.4, 3.2.3, 3.2.1, 2.4.0, 2.0.2, 0.5.16, 0.4.10
Apr 05, 2017
Severity
High
IR Number: FG-IR-16-052
CVE-2016-3713