PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized code...

Jun 12, 2019 Risk IR Number: FG-IR-19-070
A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system...

Jun 04, 2019 Risk IR Number: FG-IR-18-384
An Improper Authorization vulnerability in the SSL VPN web portal may allow an unauthenticated attacker to change the password...

Jun 04, 2019 Risk IR Number: FG-IR-18-389
Server Message Block (SMB) 1.0 - a legacy file and print sharing protocol - has been deprecated by Microsoft due to multiple weaknesses...

Jun 04, 2019 Risk IR Number: FG-IR-17-103