PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

Multiple XSS vulnerabilities in FortiSandbox WebUI

The Web User Interface of FortiSandbox version 2.0.4 and below is vulnerable to multiple reflected Cross-Site Scripting vulnerabilities. 5...

Jul 24, 2015 Risk

IR Number: FG-IR-15-019

FortiClient SSLVPN Linux client local privilege escalation vulnerability

Installing Forticlient SSLVPN Linux client build 2312 and lower in a home directory that is world readable-executable yields a...

Jul 24, 2015 Risk

IR Number: FG-IR-15-017

ZebOS routing remote shell service enabled

A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availability")...

Jul 24, 2015 Risk

IR Number: FG-IR-15-020

FortiOS supports weak ciphers suites when connecting to Fortiguard servers

When connecting to a FortiGuard server via TLS, FortiOS 5.2.3/5.0.11 and below is supporting multiple weak ciphers including anonymous,...

Jul 24, 2015 Risk

IR Number: FG-IR-15-021

"POODLE has friends" vulnerability

The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message. An attacker...

Jul 15, 2015 Risk

IR Number: FG-IR-15-016

CVE-2015-1793 OpenSSL "Alternative Chains Certificate Forgery"

OpenSSL released a security advisory in July 2015 to announce a high severity vulnerability affecting any application that verifies...

Jul 09, 2015 Risk

IR Number: FG-IR-15-015

Refine RESET

PSIRT Advisories

Refine
RESET