Filter by Date
- 2023
  - 2 03-2023
  - 4 02-2023
- 2022
  - 1 07-2022
- 2021
  - 4 12-2021
Filter by Severity
- 1 Critical
- 10 High
- 0 Medium
- 0 Low
- 0 Informational
Filter by Affected Product
- All
- 10 FortiNAC
- 1 FortiClientWindows
- 1 FortiClientEMS
- 1 FortiClientMac
- 1 FortiClientLinux
- 0 FortiOS
- 0 FortiProxy
- 0 FortiManager
- 0 FortiAnalyzer
- 0 FortiMail
- 0 FortiSandbox
- 0 FortiWeb
- 0 FortiADC
- 0 FortiPortal
- 0 FortiAuthenticator
- 0 FortiWAN
- 0 FortiSIEM
- 0 FortiWLC
- 0 FortiAP
- 0 FortiAP-W2
- 0 FortiSOAR
- 0 FortiSwitch
- 0 FortiTester
- 0 FortiRecorder
- 0 FortiVoiceEnterprise
- 0 FortiWLM
- 0 FortiAP-S
- 0 FortiAP-U
- 0 FortiDeceptor
- 0 AscenLink
- 0 FortiDB
- 0 FortiDDoS
- 0 FortiEDR
- 0 Meru AP
- 0 FortiCache
- 0 FortiExtender
- 0 FortiADCManager
- 0 FortiAP-C
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiTokenAndroid
- 0 FortiTokenIOS
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiDDoS-CM
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiNDR
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice

Refine Search

PSIRT Advisories

Monthly PSIRT Advisories

2023: May , Apr , Mar , Feb , Jan
2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
2020: Dec

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiNAC - Multiple Reflected XSS

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNA...

FortiNAC 9.4.0, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.1, 9.2.0, 9.1.8, 9.1.7, 9.1.6, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.1, 8.6.0, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.3.7

Mar 07, 2023 Severity black-background-circle-icon

High IR Number: FG-IR-22-281 CVE-2022-40676

FortiNAC - Multiple privilege escalation via sudo command

An improper privilege management vulnerability [CWE-269] in FortiNAC may allow a low privilege local user with shell acces...

FortiNAC 9.4.1, 9.4.0, 9.2.6, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.1, 9.2.0, 9.1.8, 9.1.7, 9.1.6, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.1, 8.6.0, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.3.7

Mar 07, 2023 Severity black-background-circle-icon

High IR Number: FG-IR-22-309 CVE-2022-39953

FortiNAC - External Control of File Name or Path in keyUpload scriptlet

An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacke...

FortiNAC 9.4.0, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.1, 9.2.0, 9.1.7, 9.1.6, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.1, 8.6.0, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.3.7

Feb 16, 2023 Severity black-background-circle-icon

Critical IR Number: FG-IR-22-300 CVE-2022-39952

FortiNAC - Multiple Command Injections in webserver

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the webserver of FortiNAC m...

Feb 16, 2023 Severity black-background-circle-icon

High IR Number: FG-IR-22-280 CVE-2022-40677

FortiNAC - Unauthenticated access to administrative operations

An improper authorization vulnerability [CWE-285] in FortiNAC may allow an unauthenticated attacker to perform some admin...

FortiNAC 9.4.1, 9.4.0, 9.2.6, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.1, 9.2.0

Feb 16, 2023 Severity black-background-circle-icon

High IR Number: FG-IR-22-329 CVE-2022-38375

FortiNAC - Weak password storage

An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC may allow an attacker with access to the datab...

Feb 16, 2023 Severity black-background-circle-icon

High IR Number: FG-IR-22-265 CVE-2022-40678

FortiNAC - Unprotected MySQL root account

An empty password in configuration file vulnerability [CWE-258] in FortiNAC may allow an authenticated attacker to access ...

FortiNAC 9.2.3, 9.2.2, 9.2.1, 9.2.0, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.5, 8.6.4, 8.6.3, 8.6.2, 8.6.0, 8.5.4, 8.5.2, 8.5.1, 8.5.0, 8.3.7

Jul 05, 2022 Severity black-background-circle-icon

High IR Number: FG-IR-22-058 CVE-2022-26117

FortiNAC - improper permissions set for tomcat users configuration file

An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated ...

FortiNAC

Dec 07, 2021 Severity black-background-circle-icon

High IR Number: FG-IR-21-178 CVE-2021-43065

FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS and an improper certifica...

FortiClientLinux 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0 FortiClientMac 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1 FortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0 FortiClientWindows 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0

Dec 07, 2021 Severity black-background-circle-icon

High IR Number: FG-IR-21-075 CVE-2021-41028

FortiNAC - Privilege Escalation via exploiting the SUDO privileges.

A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root via the sudo command.

FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0

Dec 07, 2021 Severity black-background-circle-icon

High IR Number: FG-IR-21-182 CVE-2021-41021

FortiNAC - improper permissions set for tomcat users configuration file

An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated ...

FortiNAC 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0

Dec 07, 2021 Severity black-background-circle-icon

High IR Number: FG-IR-21-178 CVE-2021-43065

Network

Files and Endpoint

Application

Additional SOC Services

Refine
RESET

PSIRT Advisories

Monthly PSIRT Advisories

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

Refine RESET

PSIRT Advisories

Monthly PSIRT Advisories

Refine
RESET