Multiple Intel Products Vulnerabilities

VanHelsing Ransomware Targets Windows, ARM, ESXi Systems – Active IOCs

Multiple Fortinet FortiWLC Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-26087 CVSS:4.3

Fortinet FortiWLC is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input.

CVE-2021-22126 CVSS:6.5

Fortinet FortiWLC contains default hardcoded credentials. A remote attacker could exploit this vulnerability to gain root access to the system.

Impact

Cross-Site Scripting
Gain Access

Indicators of Compromise

CVE

CVE-2021-26087
CVE-2021-22126

Affected Vendors

Fortinet

Affected Products

Fortinet FortiWLC 8.4.0
Fortinet FortiWLC 8.5.0
Fortinet FortiWLC 8.6.0
Fortinet FortiWLC 8.4.4
Fortinet FortiWLC 8.3.3
Fortinet FortiWLC - 8.3.2
Fortinet FortiWLC - 8.2.6

Remediation

Upgrade to the latest version, available from the Fortiguard Website.