Rewterz Threat Advisory – CVE-2021-26115 – FortiWAN OS command injection leads to Privilege Escalation

Severity

High

Analysis Summary

CVE-2021-26115

An OS command injection vulnerability in the FortiWAN Command Line Interface may allow a local, authenticated, unprivileged attacker to escalate their privileges to root by executing a specially crafted command.

Impact

  • Privilege escalation

Affected Vendors

Fortinet

Affected Products

  • FortiWAN versions 4.5.7 and below

Remediation

Refer to the Fortinet advisory for patch upgrade or suggested workaround information.

https://www.fortiguard.com/psirt/FG-IR-21-069