Rewterz

Rewterz Threat Advisory – Multiple Cisco Vulnerabilities

March 3, 2022
Rewterz

Rewterz Threat Alert – Emotet – Active IOCs

March 3, 2022

Rewterz Threat Advisory – Fortinet FortiOS and FortiAnalyzer and Fortinet FortiManager Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2020-15936

Fortinet FortiOS could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation. By sending specially-crafted SNI Client Hello TLS packets, an attacker could exploit this vulnerability to obtain sensitive information

CVE-2022-22300

Fortinet FortiAnalyzer and Fortinet FortiManager could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of insufficient permissions or privileges. An attacker could exploit this vulnerability to bypass the device policy and force the password-change action for its user.

Impact

  • Security Bypass
  • Information Disclosure

Affected Vendors

  • CVE-2020-15936
  • CVE-2022-22300

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiManager 6.0.0
  • Fortinet FortiAnalyzer 6.0.0
  • Fortinet FortiManager 5.6.4
  • Fortinet FortiAnalyzer 5.6.4
  • Fortinet FortiOS 2.36
  • Fortinet FortiOS 2.50
  • Fortinet FortiOS 2.80
  • Fortinet FortiOS 3.0

Remediation

Refer to FortiGuard Advisory for the patch, upgrade or suggested workaround information.

CVE-2020-15936

https://www.fortiguard.com/psirt/FG-IR-20-091

CVE-2022-22300

https://www.fortiguard.com/psirt/FG-IR-21-255

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.