February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Latest Update Regarding JSOutProx Malware and Its Impact on Financial Institutions – Active IOCs
October 6, 2023Rewterz Threat Alert -Tofsee Malware – Active IOCs
October 9, 2023Rewterz Threat Alert – Latest Update Regarding JSOutProx Malware and Its Impact on Financial Institutions – Active IOCs
October 6, 2023Rewterz Threat Alert -Tofsee Malware – Active IOCs
October 9, 2023
Severity
Medium
Analysis Summary
CVE-2023-25606
Fortinet FortiAnalyzer and FortiManager could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2023-25606
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiManager 7.0.0
- Fortinet FortiAnalyzer 7.0.0
- Fortinet FortiManager 6.4.0
- Fortinet FortiAnalyzer 7.2.0
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.