PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An improper input validation in FortiAI v1.4.0 may allow an authenticated user to gain system shell access via a malicious...
May 05, 2021 Risk IR Number: FG-IR-21-033

A use of hard-coded password vulnerability in Meru AP may allow a remote authenticated attacker to access the system as ro...
May 05, 2021 Risk IR Number: FG-IR-20-147

A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root by abusing the...
May 05, 2021 Risk IR Number: FG-IR-20-038

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy may allow a remote auth...
May 05, 2021 Risk IR Number: FG-IR-20-226

A relative path traversal vulnerability (CWE-23) in FortiWAN may allow a remote non-authenticated attacker to delete files...
Apr 27, 2021 Risk IR Number: FG-IR-21-048

A clear text storage of sensitive information into log file vulnerability in FortiADCManager and FortiADC may allow a remo...
Apr 06, 2021 Risk IR Number: FG-IR-19-244

A stack-based buffer overflow vulnerability in the HTTPD daemon of FortiProxy may allow an authenticated remote attacker t...
Apr 06, 2021 Risk IR Number: FG-IR-21-007

An information disclosure vulnerability in FortiWeb's Web Vulnerability Scan profile may allow a remote authenticated atta...
Apr 06, 2021 Risk IR Number: FG-IR-20-076

An Improper Neutralization of Input During Web Page Generation in the SSL VPN portal of FortiProxy may allow an unauthenti...
Mar 02, 2021 Risk IR Number: FG-IR-20-230

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiProxy SSL VPN may allow an attacker to retrieve a...
Mar 02, 2021 Risk IR Number: FG-IR-20-224

An improper access control vulnerability in FortiProxy SSL VPN portal may allow an authenticated, remote attacker to acces...
Mar 02, 2021 Risk IR Number: FG-IR-20-235

A cleartext storage of sensitive information vulnerability in FortiProxy command line interface may allow an authenticated...
Mar 02, 2021 Risk IR Number: FG-IR-20-236

An improper neutralization of input vulnerability in FortiGate Cloud may allow a remote authenticated attacker to perform ...
Feb 24, 2021 Risk IR Number: FG-IR-20-193

An improper neutralization of input during web page generation in FortiWeb GUI interface may allow an unauthenticated, rem...
Feb 03, 2021 Risk IR Number: FG-IR-20-122

A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perfo...
Feb 03, 2021 Risk IR Number: FG-IR-20-232