Rewterz Threat Alert – Raccoon Infostealer Targeted Financial Organization
November 26, 2019Rewterz Threat Advisory – CVE-2019-18253 – ICS: ABB Relion 670 Series Path Traversal Vulnerability
November 27, 2019Rewterz Threat Alert – Raccoon Infostealer Targeted Financial Organization
November 26, 2019Rewterz Threat Advisory – CVE-2019-18253 – ICS: ABB Relion 670 Series Path Traversal Vulnerability
November 27, 2019Severity
High
Analysis Summary
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages.
Impact
Information disclosure
Affected Vendors
FortiGuard
Affected Products
- FortiOS 6.0.6 and below
- FortiClientWindows 6.0.6 and below
- FortiClientMac 6.2.1 and below
Remediation
Update to version:
- Upgrade to FortiOS 6.0.7 or 6.2.0
- Upgrade to FortiClientWindows 6.2.0
- Upgrade to FortiClientMac 6.2.2