• 0 800 357272
  • Ця електронна адреса захищена від спам-ботів. Вам необхідно увімкнути JavaScript, щоб побачити її.
  • Пн-Пт 09:00-18:00

PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

  1. Buffer overflow in fgfmd

    A stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM and FortiSwitchManager may allow a remote attacker to execute arbitrary code or command via crafted packets reaching the fgfmd daemon, under certain conditions which are outside the control of the attacker. Revised on 2025-06-23 00:00:00

  2. Blind SSRF in API

    A server-side request forgery vulnerability [CWE-918] in FortiClientEMS may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests. Revised on 2025-06-10 00:00:00

  3. Firewall session injection in FGSP

    An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets. Revised on 2025-06-10 00:00:00

  4. IPsec improper validation of certificate with host mismatch

    An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiClient Windows may allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection Revised on 2025-06-10 00:00:00

  5. Improper Handling of Insufficient Permissions or Privileges in GUI websocket

    An Improper Handling of Insufficient Permissions or Privileges Vulnerability [CWE-280] in FortiPAM and FortiSRA GUI websocket could allow a low privileged user to access to a unauthorized resources via specially crafted http requests. Revised on 2025-06-10 00:00:00

  6. Information Disclosure on SSLVPN endpoint

    An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL. Revised on 2025-06-10 00:00:00

  7. Insufficient Access Control Over API Endpoints

    An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiPortal may allow an authenticated attacker to view unauthorized device information via key modification in API requests. Revised on 2025-06-10 00:00:00

  8. Insufficient Session Expiration in SSL-VPN cookie

    An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out. Revised on 2025-06-10 00:00:00

  9. Multiple OS command injection in Web Vulnerability Scanner

    An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests. Revised on 2025-06-10 00:00:00

  10. OS command injection

    An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command Revised on 2025-06-10 00:00:00

  11. Privilege escalation in GUI websocket module

    An Improper Privilege Management vulnerability [CWE-269] affecting FortiOS, FortiProxy & FortiWeb may allow an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module. Revised on 2025-06-10 00:00:00

  12. Privilege escalation in automation-stitch

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS and FortiProxy may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component. Revised on 2025-06-10 00:00:00

  13. SSH key is added even if operation is aborted

    An incomplete cleanup vulnerability [CWE-459] in FortiOS & FortiProxy may allow a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests. Revised on 2025-06-10 00:00:00

  14. Telemetry protocol authentication is based over VDOM and FCTUID

    An improper authentication vulnerability [CWE-287] in FortiClientEMS telemetry protocol may allow an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests. Revised on 2025-06-10 00:00:00

  15. Weak authentication in security fabric daemon

    A channel accessible by non-endpoint vulnerability [CWE-300] in FortiOS & FortiProxy may allow an unauthenticated attacker with the knowledge of device specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests. Revised on 2025-06-10 00:00:00

  16. eap-cert-auth bypass via revoked certificate

    An Improper Certificate Validation vulnerability [CWE-295] in FortiOS may allow an EAP verified remote user to connect from FortiClient via revoked certificate. Revised on 2025-06-10 00:00:00

  17. TACACS+ authentication bypass

    A missing authentication for critical function vulnerability [CWE-306] in FortiOS, FortiProxy, and FortiSwitchManager TACACS+ configured to use a remote TACACS+ server for authentication, that has itself been configured to use ASCII authentication may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass. Revised on 2025-05-28 00:00:00

  18. Multiple format string vulnerabilities

    A use of externally-controlled format string vulnerability [CWE-134] in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb may allow a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands. Revised on 2025-05-14 00:00:00

  19. Buffer over-read in FGFM

    A buffer over-read vulnerability [CWE-126] in FortiOS may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control. Revised on 2025-05-13 00:00:00

  20. Code Execution due to Node.JS Environment Variable

    An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClient MacOS and FortiVoiceUC desktop application may allow an authenticated attacker to inject code via Electron environment variables. Revised on 2025-05-13 00:00:00
© 2004 - 2025
USEDNET LLC
All Rights Reserved