Rewterz Threat Advisory – CVE-2021-26092 – FortiGate SSL VPN Portal Vulnerability

Rewterz Threat Alert – Unknown Threat Actors Targeting different Pakistani Sectors – Active IOCs

June 3, 2021

Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

June 3, 2021

Rewterz Threat Advisory – CVE-2021-26092 – FortiGate SSL VPN Portal Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-26092

Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.

Impact

Unauthorized Access
Execution of Arbitrary Code
Information Theft

Affected Vendors

Fortinet

Affected Products

FortiGate version 5.6.13 and below
FortiGate version 6.0.12 and below
FortiGate version 6.2.7 and below
FortiGate version 6.4.5 and below

Remediation

Upgrade FortiGate to version 5.6.14 or above
Upgrade FortiGate to version 6.0.13 and above
Upgrade FortiGate to version 6.2.7 and above
Upgrade FortiGate to version 6.4.6 and above

https://docs.fortinet.com/document/fortigate/7.0.0/fortios-release-notes/760203/introduction-and-supported-models

Rewterz Threat Alert – Unknown Threat Actors Targeting different Pakistani Sectors – Active IOCs

Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

Rewterz Threat Advisory – CVE-2021-26092 – FortiGate SSL VPN Portal Vulnerability

Severity

Analysis Summary

CVE-2021-26092

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan