PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS) attack...

Aug 21, 2019 Risk IR Number: FG-IR-19-034
A heap buffer overflow vulnerability in the FortiOS SSL VPN web portal may cause the SSL VPN web service termination for logged...

Aug 21, 2019 Risk IR Number: FG-IR-18-388
A privilege escalation vulnerability in FortiOS may allow admin users to elevate their profile to super_admin, via restoring modified...

Aug 21, 2019 Risk IR Number: FG-IR-17-053
An Use of Hard-coded Credentials vulnerability in FortiRecorder may allow an unauthenticated attacker with knowledge of the aforementioned...

Aug 12, 2019 Risk IR Number: FG-IR-19-185
An information exposure vulnerability in FortiOS WEB UI may allow an unauthenticated attacker to gain platform information such...

Aug 08, 2019 Risk IR Number: FG-IR-18-173