PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number.

Aug 11, 2017 Risk IR Number: FG-IR-17-073
The HTML source code of the FortiWeb SNMPv3 user edit webui page includes the user's password in cleartext.

Aug 11, 2017 Risk IR Number: FG-IR-17-162
The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message. An attacker...

Jul 14, 2015 Risk IR Number: FG-IR-15-016