Versions
6.2.0
FortiOS 5.6.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0
FortiOS 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x, 5.6.x
FortiOS before 7.0.3
FortiOS 6.0.0 and below
FortiOS 6.0.0 to 6.0.4
FortiOS 6.4.1, 6.2.5
6.0.8 and below
FortiOS 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier
FortiOS 6.2.0 and below.
FortiOS before 6.4.1
FortiOS 5.2.0 to 6.0.4
FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2
5.6.5 and below
FortiOS all versions below 6.0.5
FortiOS 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.0 through 6.0.13
FortiOS 7.0.0, 6.4.6, 6.2.9
FortiOS 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0
6.0.8 and below until 5.4.0
FortiOS 6.4.0 to 6.4.4
FortiOS 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
6.2.1
FortiOS before 7.0.1
FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4
6.0.1
5.6.7 and below
5.0.0-5.0.14, 5.2.0-5.2.10
FortiOS 6.4.2, 6.2.5
FortiOS 7.0.1, 7.0.0 FortiProxy 7.0.0
FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0
FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below
Recent CVEs
CVE-2022-30307
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack.
CVE-2022-38380
An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.
CVE-2022-22306
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
CVE-2021-44168
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
CVE-2021-36169
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations.
CVE-2021-36173
A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.
CVE-2021-26109
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
CVE-2021-26108
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.
CVE-2021-24018
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.