
PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
  1. A fundamental design flaw within the RADIUS protocol has been proven to be exploitable, compromising the integrity in the RADIUS Access-Request process. The attack allows a malicious user to modify packets in a way that would be indistinguishable to a RADIUS client or server. To be successful, the attacker must have the ability to inject themselves between the client and server. Revised on 2025-04-23 00:00:00
  2. A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClient Windows and FortiClient Linux may permit a local authenticated user to retrieve the VPN password via a memory dump, due to JavaScript's garbage collector. Revised on 2025-04-22 00:00:00
  3. An Improper Restriction of Communication Channel to Intended Endpoints vulnerability [CWE-923] in FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice and FortiWeb may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server and/or, in certain conditions, FortiManager) by intercepting the FGFM authentication request between the management device and the managed device. Revised on 2025-04-22 00:00:00
  4. A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiClient Windows may allow a low-privileged user to decrypt interprocess communication by monitoring a named pipe. Revised on 2025-04-16 00:00:00
  5. An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS and FortiSASE FortiOS tenant IPsec IKEv1 service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. Revised on 2025-04-11 00:00:00
  6. An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests. Revised on 2025-04-08 00:00:00
  7. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiClient may allow the EMS administrator to send messages containing JavaScript code. Revised on 2025-04-08 00:00:00
  8. An Incorrect User Management vulnerability [CWE-286] in FortiWeb widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests. Revised on 2025-04-08 00:00:00
  9. An Insufficiently Protected Credentials vulnerability [CWE-522] in FortiOS may allow a privileged authenticated attacker to retrieve LDAP credentials by modifying the LDAP server IP address in the FortiOS configuration to point to a malicious attacker-controlled server. Revised on 2025-04-08 00:00:00
  10. An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiManager and FortiAnalyzer may allow an unauthenticated remote attacker to pollute the logs via crafted login requests. Revised on 2025-04-08 00:00:00
  11. An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiIsolator may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests. Revised on 2025-04-08 00:00:00
  12. An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiIsolator CLI may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2025-04-08 00:00:00
  13. An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request. Revised on 2025-04-08 00:00:00
  14. Multiple potential issues, including the use of uninitialized resources [CWE-908] and excessive iteration [CWE-834] in FortiOS and FortiProxy SSLVPN web mode may allow a VPN user to corrupt memory, potentially leading to code or command execution via specifically crafted requests. Revised on 2025-04-08 00:00:00
  15. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module or via crafted CSF proxy requests. Please note that reports show this is being exploited in the wild. Revised on 2025-03-31 00:00:00
  16. An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. Revised on 2025-03-28 00:00:00
  17. An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiManager, FortiOS, FortiProxy, FortiRecorder, FortiVoice and FortiWeb may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files and a remote unauthenticated attacker with the same network access to delete an arbitrary folder. Revised on 2025-03-20 00:00:00
  18. A stack-buffer overflow vulnerability [CWE-121] in FortiMail CLI may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands. Revised on 2025-03-19 00:00:00
  19. Multiple instances of incorrect calculation of buffer size in FortiMail webmail and administrative interface and FortiNDR administrative interface may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. Revised on 2025-03-18 00:00:00
  20. An Out-of-bounds Write vulnerability in the FortiOS IPsec daemon may allow an unauthenticated attacker to perform a denial of service under certain conditions that are outside the control of the attacker. Revised on 2025-03-13 00:00:00
© 2004 - 2025
USEDNET LLC
All Rights Reserved