• 0 800 357272
  • Ця електронна адреса захищена від спам-ботів. Вам необхідно увімкнути JavaScript, щоб побачити її.
  • Пн-Пт 09:00-18:00

PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

  1. Integer Overflow in ipsec ike

    An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS and FortiSASE FortiOS tenant IPsec IKEv1 service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. Revised on 2025-05-07 00:00:00

  2. Multiple Reflected and Stored Cross-Site Scripting

    Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSandbox  may allow an authenticated attacker to perform cross-site scripting attack via crafted HTTP requests. Revised on 2025-05-07 00:00:00

  3. OS command injection

    An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. Revised on 2025-05-07 00:00:00

  4. Os command injection on vm download feature

    An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. Revised on 2025-05-07 00:00:00

  5. Readonly user could execute sensitive operations

    A client-side enforcement of server-side security vulnerability [CWE-602] in FortiSandbox may allow an authenticated attacker with at least read-only permission to download or upload configuration. Revised on 2025-05-07 00:00:00

  6. error based SQLI on device del feature

    An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSandbox may allow a privileged attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Revised on 2025-05-07 00:00:00

  7. RADIUS Protocol CVE-2024-3596

    A fundamental design flaw within the RADIUS protocol has been proven to be exploitable, compromising the integrity in the RADIUS Access-Request process. The attack allows a malicious user to modify packets in a way that would be indistinguishable to a RADIUS client or server. To be successful, the attacker must have the ability to inject themselves between the client and server. Revised on 2025-04-23 00:00:00

  8. Credentials can be dumped from memory

    A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClient Windows and FortiClient Linux may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector Revised on 2025-04-22 00:00:00

  9. No certificate name verification for fgfm connection

    A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice and FortiWeb may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device Revised on 2025-04-22 00:00:00

  10. Hardcoded Encryption Key Used for Named Pipe Communication

    A use of hard-coded cryptographic key (CWE-321) vulnerability in FortiClient Windows may allow a low-privileged user to decrypt interprocess communication via monitoring named pipe. Revised on 2025-04-16 00:00:00

  11. Directory Traversal

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests. Revised on 2025-04-08 00:00:00

  12. EMS can send javascript code to client through messages

    An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiClient may allow the EMS administrator to send messages containing javascript code. Revised on 2025-04-08 00:00:00

  13. Incorrect user management in widgets dashboard

    An Incorrect User Management vulnerability [CWE-286] in FortiWeb widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests. Revised on 2025-04-08 00:00:00

  14. LDAP Clear-text credentials retrievable with IP modification

    An insufficiently protected credentials [CWE-522] vulnerability in FortiOS may allow a privileged authenticated attacker to retrieve LDAP credentials via modifying the LDAP server IP address in the FortiOS configuration to point to a malicious attacker-controlled server. Revised on 2025-04-08 00:00:00

  15. Log Pollution via login page

    An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiManager and FortiAnalyzer may allow an unauthenticated remote attacker to pollute the logs via crafted login requests. Revised on 2025-04-08 00:00:00

  16. OS command injection on diagnose feature (GUI)

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiIsolator may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests. Revised on 2025-04-08 00:00:00

  17. OS command injection on gen-ca-cert command

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiIsolator CLI may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2025-04-08 00:00:00

  18. Unverified password change via set_password endpoint

    An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request. Revised on 2025-04-08 00:00:00

  19. Use of uninitialized resource in SSLVPN websocket

    Multiple potential issues, including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] in FortiOS & FortiProxy SSLVPN webmode may allow a VPN user to corrupt memory, potentially leading to code or commands execution via specifically crafted requests. Revised on 2025-04-08 00:00:00

  20. Authentication bypass in Node.js websocket module and CSF requests

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module or via crafted CSF proxy requests.Please note that reports show this is being exploited in the wild. Revised on 2025-03-31 00:00:00
© 2004 - 2025
USEDNET LLC
All Rights Reserved