PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

FortiClient and FortiOS AV engines may not immediately detect certain types of malformed or non-standard RAR archives, potentially...

Dec 01, 2020 Risk IR Number: FG-IR-20-037
During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in...

Dec 01, 2020 Risk IR Number: FG-IR-20-035
An improper neutralization of input vulnerability in the FortiGate may allow a remote attacker to perform a stored cross site...

FortiOS 6.2, 6.4
Dec 01, 2020 Risk IR Number: FG-IR-20-068
A cleartext storage of sensitive information in GUI in FortiADC may allow a remote authenticated attacker to retrieve some sensitive...

Nov 03, 2020 Risk IR Number: FG-IR-20-044
An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker...

Nov 03, 2020 Risk IR Number: FG-IR-20-105
A cleartext storage of sensitive information vulnerability in FortiOS command line interface may allow an authenticated attacker...

Oct 19, 2020 Risk IR Number: FG-IR-20-009
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux may allow local users to elevate...

Oct 19, 2020 Risk IR Number: FG-IR-20-110
The Apache project released an advisory on August 7th 2020, which describes the following vulnerabilities: 1) CVE-2020-9490 Apache...

Oct 05, 2020 Risk IR Number: FG-IR-20-128
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS may allow an authenticated remote attacker to crash...

Oct 01, 2020 Risk IR Number: FG-IR-19-248
FortiGate may fail to record traffic destined to Fortinet-owned IP addresses, i.e. traffic destined to the following subnets: 173.243.128.0/20,...

Sep 24, 2020 Risk IR Number: FG-IR-20-033
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiOS may allow a remote...

Sep 24, 2020 Risk IR Number: FG-IR-20-082
Under non-default configuration, a stack-based buffer overflow in FortiGate may allow a remote attacker authenticated to the SSL...

Sep 24, 2020 Risk IR Number: FG-IR-20-083
An improper neutralization of input vulnerability in FortiNAC may allow a remote authenticated attacker to perform a stored cross...

Sep 23, 2020 Risk IR Number: FG-IR-20-002
An improper neutralization of input vulnerability in FortiAnalyzer and FortiTester may allow a remote authenticated attacker to...

Sep 21, 2020 Risk IR Number: FG-IR-20-054
An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being logged...

Sep 18, 2020 Risk IR Number: FG-IR-19-269