Filter by Date
- 2022
  - 3 10-2022
  - 1 06-2022
  - 1 05-2022
  - 1 04-2022
  - 1 03-2022
- 2021
  - 2 12-2021
  - 2 08-2021
  - 2 07-2021
  - 1 04-2021
- 2020
  - 1 07-2020
  - 1 04-2020
- 2019
  - 1 07-2019
- 2018
  - 1 05-2018
- 2017
  - 1 11-2017
  - 1 09-2017
  - 1 06-2017
  - 1 05-2017
- 2016
  - 1 11-2016
  - 1 09-2016
  - 1 01-2016
- 2015
  - 1 07-2015
- 2014
  - 1 10-2014
  - 1 09-2014
  - 2 04-2014
- 2013
  - 1 05-2013
Filter by Severity
- 31 Critical
- 0 High
- 0 Medium
- 0 Low
- 0 Informational
Filter by Affected Product
- All
- 4 FortiPortal
- 3 FortiAnalyzer
- 3 FortiMail
- 2 FortiManager
- 2 FortiWAN
- 2 FortiAnalyzer-BigData
- 1 FortiOS
- 1 FortiProxy
- 1 FortiAuthenticator
- 1 FortiSIEM
- 1 FortiWLC
- 1 FortiTester
- 1 FortiVoiceEnterprise
- 1 AscenLink
- 1 FortiDB
- 1 FortiFone
- 1 FortiSwitchManager
- 0 FortiWeb
- 0 FortiADC
- 0 FortiSandbox
- 0 FortiClientWindows
- 0 FortiClientEMS
- 0 FortiClientMac
- 0 FortiWLM
- 0 FortiNAC
- 0 FortiSwitch
- 0 FortiAP
- 0 FortiDDoS
- 0 FortiSOAR
- 0 FortiRecorder
- 0 FortiAP-S
- 0 FortiAP-U
- 0 FortiAP-W2
- 0 FortiClientLinux
- 0 FortiDeceptor
- 0 FortiEDR
- 0 FortiDDoS-F
- 0 FortiIsolator
- 0 FortiADCManager
- 0 FortiExtender
- 0 FortiNDR
- 0 FortiSIEMWindowsAgent
- 0 FortiAP-C
- 0 FortiCache
- 0 FortiClientiOS
- 0 FortiDDoS-CM
- 0 FortiTokenAndroid
- 0 FortiWebManager
- 0 Meru AP
- 0 AV Engine
- 0 FSSO Windows CA
- 0 FSSO Windows DC Agent
- 0 FortiClientAndroid
- 0 FortiCloud
- 0 FortiGuard
- 0 FortiOS-6K7K
- 0 FortiSDNConnector
- 0 FortiTokenIOS
- 0 FortiTokenMobileWP
- 0 FortiWAN-Manager
- 0 Meru Controller

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2022: Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

Apache commons_text(CVE-2022-42889) and commons_configuration (CVE-2022-33980) vulnerability

CVE-2022-42889: Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and e...

FortiAnalyzer-BigData 7.0.4, 7.0.3, 7.0.2, 7.0.1

Oct 28, 2022 Severity light-circle-logo

Critical IR Number: FG-IR-22-399 CVE-2022-42889

FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface

An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitch...

FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 FortiSwitchManager 7.2.0, 7.0.0

Oct 10, 2022 Severity light-circle-logo

Critical IR Number: FG-IR-22-377 CVE-2022-40684

FortiTester - Unauthenticated command injection

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-7...

FortiTester 7.1.0, 7.0.0, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.9.1, 3.9.0, 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.5.0, 3.4.0, 3.3.1, 3.3.0, 3.2.0, 3.1.0, 3.0.0, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.1, 2.4.0, 2.3.0

Oct 10, 2022 Severity light-circle-logo

Critical IR Number: FG-IR-22-237 CVE-2022-33873

Multiple vulnerabilities in Apache Airflow

Security advisories were released affecting the version of Apache Airflow library used in some Fortinet products: CVE-202...

FortiAnalyzer 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

Jun 07, 2022 Severity light-circle-logo

Critical IR Number: FG-IR-22-008 CVE-2020-13927

Multiple vulnerabilities in PJSIP library

Some advisories were released affecting the version of PJSIP library used in some Fortinet products: CVE-2021-43845: PJ...

FortiFone 3.0.9, 3.0.8, 3.0.7, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.11, 3.0.10, 3.0.1, 3.0.0

May 03, 2022 Severity light-circle-logo

Critical IR Number: FG-IR-22-007 CVE-2021-37706

FortiWAN - Pervasive SQL injection

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN may allow an unaut...

FortiWAN 4.5.8

Apr 05, 2022 Severity light-circle-logo

Critical IR Number: FG-IR-21-062 CVE-2021-26114

FortiMail - Administrative authentication bypass

An improper authentication vulnerability [CWE-287] in FortiMail may allow a remote attacker to efficiently guess one admin...

FortiMail 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0

Mar 01, 2022 Severity light-circle-logo

Critical IR Number: FG-IR-21-028 CVE-2021-36166

Multiple Apache Vulnerabilities fixed in 2.4.52

The Apache project released an advisory, describing the following vulnerabilities: 1) CVE-2021-44790 A carefully crafted...

Dec 28, 2021 Severity light-circle-logo

Critical IR Number: FG-IR-21-253 CVE-2021-44790

Apache log4j2 log messages substitution (CVE-2021-44228)

Apache Log4j <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker co...

FortiAnalyzer-BigData 7.0.2, 7.0.1, 6.4.7, 6.4.6, 6.4.5, 6.2.5 FortiPortal 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0 FortiSIEM 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0

Dec 12, 2021 Severity light-circle-logo

Critical IR Number: FG-IR-21-245 CVE-2021-44228

FortiPortal - Authentication bypass and remote code execution as root

A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal may allow a remote and unauthenticated attacker to ...

FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0

Aug 03, 2021 Severity light-circle-logo

Critical IR Number: FG-IR-21-077 CVE-2021-32588

FortiPortal - Pervasive SQL injections

Multiple improper neutralization of special elements used in an SQL command vulnerabilities (CWE-89) in FortiPortal may al...

FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0

Aug 03, 2021 Severity light-circle-logo

Critical IR Number: FG-IR-21-084 CVE-2021-32590

FortiManager & FortiAnalyzer - Use after free vulnerability in fgfmsd daemon

A Use After Free (CWE-416) vulnerability in FortiManager and FortiAnalyzer fgfmsd daemon may allow a remote, non-authentic...

FortiAnalyzer 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.11, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.10 FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0 FortiManager 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.10, 5.6.1, 5.6.0, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0

Jul 19, 2021 Severity light-circle-logo

Critical IR Number: FG-IR-21-067 CVE-2021-32589

FortiMail - SQL Injection vulnerabilities

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail may allow a non-authenti...

FortiMail 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.13, 5.3.12, 5.3.10, 5.3.1, 5.3.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.10, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.11, 5.0.10, 5.0.1, 5.0.0

Jul 07, 2021 Severity light-circle-logo

Critical IR Number: FG-IR-21-012 CVE-2021-24007

Authentication bypass in FortiWAN

A relative path traversal vulnerability (CWE-23) in FortiWAN may allow a remote non-authenticated attacker to delete files...

AscenLink 7.2.9, 7.2.8, 7.2.7, 7.2.6, 7.2.5, 7.2.4, 7.2.3, 7.2.23, 7.2.22, 7.2.21, 7.2.20, 7.2.2, 7.2.19, 7.2.18, 7.2.17, 7.2.16, 7.2.15, 7.2.14, 7.2.13, 7.2.12, 7.2.11, 7.2.10 FortiWAN 4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0, 4.4.1, 4.4.0

Apr 27, 2021 Severity light-circle-logo

Critical IR Number: FG-IR-21-048 CVE-2021-26102

Ripple20 - Critical Vulnerabilities in low-level TCP/IP software library developed by Treck

On June 16, 2020, cybersecurity researchers from JSOF published a set of 19 vulnerabilities, dubbed Ripple20 that are impa...

Jul 30, 2020 Severity light-circle-logo

Critical IR Number: FG-IR-20-104 CVE-2020-11896 to 2020-11914

Network

Files and Endpoint

Application

Additional SOC Services

Refine
RESET

PSIRT Advisories

Monthly PSIRT Advisories

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer/FortiSIEM

FortiCWP

FortiWeb

FortiNDR

FortiSandbox

FortiTester

Threat Lookup

PSIRT

Resources

Refine RESET

PSIRT Advisories

Monthly PSIRT Advisories

Refine
RESET