Severity
High
Analysis Summary
An improper authentication vulnerability in FortiMail and FortiVoiceEnterprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
Impact
- Authentication bypass
- Improper Access Control
Affected Vendors
Fortinet
Affected Products
- FortiMail versions 5.4.1 to 5.4.10
- FortiMail versions 6.0.0 to 6.0.7
- FortiMail versions 6.2.0 to 6.2.2
- FortiVoiceEnterprise versions 6.0.0 to 6.0.2
Remediation
Upgrade to the latest version (https://fortiguard.com/psirt/FG-IR-20-045):
- FortiMail versions 5.4.11 or later
- FortiMail versions 6.0.8 or later
- FortiMail versions 6.2.3 or later
- FortiVoiceEnterprise versions 6.0.3 or later
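
An inventory check against the ranges listed above, as an added example that is not part of the original alert or Fortinet tooling. It compares versions numerically, since a string comparison would sort 5.4.10 before 5.4.2; the hostnames, the sample inventory and the accepted version-string format are assumptions.

```python
import re

# Affected ranges and first fixed releases, copied from the advisory above.
AFFECTED = {
    "FortiMail": [((5, 4, 1), (5, 4, 10), "5.4.11"),
                  ((6, 0, 0), (6, 0, 7), "6.0.8"),
                  ((6, 2, 0), (6, 2, 2), "6.2.3")],
    "FortiVoiceEnterprise": [((6, 0, 0), (6, 0, 2), "6.0.3")],
}

def parse_version(text):
    """Return (major, minor, patch) from a string such as 'v6.0.7' or '6.2'."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def check(product, version):
    """Return the fixed release to move to, or None if outside the listed ranges."""
    ranges = AFFECTED.get(product)
    if ranges is None:
        raise KeyError(f"product not covered by this advisory: {product}")
    v = parse_version(version)
    for low, high, fixed in ranges:
        if low <= v <= high:  # tuple comparison is numeric per component
            return fixed
    return None

def audit(inventory):
    """Map each host to an action; unparseable entries are flagged, not skipped."""
    report = {}
    for host, product, version in inventory:
        try:
            fixed = check(product, version)
        except (KeyError, ValueError):
            report[host] = "unknown: review manually"
            continue
        report[host] = (f"upgrade to {fixed} or later" if fixed
                        else "not in a listed affected range")
    return report

# Constructed inventory: hostnames and versions are made up for illustration.
SAMPLE = [("mail-gw-1", "FortiMail", "6.0.7"), ("mail-gw-2", "FortiMail", "6.2.3"),
          ("voice-1", "FortiVoiceEnterprise", "v6.0.2"),
          ("mail-gw-3", "FortiMail", "5.4.10"), ("mail-gw-4", "FortiMail", "6.0.x")]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```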