Severity
High
Analysis Summary
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a man-in-the-middle attacker with knowledge of the key to decrypt messages sent to and received from FortiGuard servers, and so to eavesdrop on and modify that information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0; URL rating in FortiClient).
Impact
Information disclosure
Affected Vendors
FortiGuard
Affected Products
- FortiOS 6.0.6 and below
- FortiClientWindows 6.0.6 and below
- FortiClientMac 6.2.1 and below
Remediation
Update to version:
- Upgrade to FortiOS 6.0.7 or 6.2.0
- Upgrade to FortiClientWindows 6.2.0
- Upgrade to FortiClientMac 6.2.2