Severity
Medium
Analysis Summary
CVE-2021-26092
Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.
Impact
- Unauthorized Access
- Execution of Arbitrary Code
- Information Theft
Affected Vendors
Fortinet
Affected Products
- FortiGate version 5.6.13 and below
- FortiGate version 6.0.12 and below
- FortiGate version 6.2.7 and below
- FortiGate version 6.4.5 and below
Remediation
- Upgrade FortiGate to version 5.6.14 or above
- Upgrade FortiGate to version 6.0.13 or above
- Upgrade FortiGate to version 6.2.7 or above
- Upgrade FortiGate to version 6.4.6 or above
https://docs.fortinet.com/document/fortigate/7.0.0/fortios-release-notes/760203/introduction-and-supported-models
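The following is an added example, not part of the original advisory: a small triage script that checks a firewall inventory against the version ceilings in the Affected Products list above. Function names, hostnames and version strings are hypothetical; 6.2.7 is treated as affected because that list includes it, and branches the advisory does not mention are reported as not listed rather than assumed safe.

```python
import re

# Highest affected release per FortiOS branch, from "Affected Products" above.
LAST_AFFECTED = {
    (5, 6): (5, 6, 13),
    (6, 0): (6, 0, 12),
    (6, 2): (6, 2, 7),
    (6, 4): (6, 4, 5),
}

VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract (major, minor, patch) from a free-form version string, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'not-affected', 'not-listed' or 'unparsed'."""
    version = parse_version(text)
    if version is None:
        return "unparsed"
    last_bad = LAST_AFFECTED.get(version[:2])
    if last_bad is None:
        # The advisory is silent on this branch; do not assume it is safe.
        return "not-listed"
    return "affected" if version <= last_bad else "not-affected"


def triage(inventory):
    """Map hostname -> status for a {hostname: version string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = {
    "fw-edge-01": "v6.4.5,build0000",
    "fw-edge-02": "6.4.6",
    "fw-branch-07": "FortiOS 6.2.7",
    "fw-lab-01": "v5.6.14",
    "fw-dc-01": "7.0.0",
    "fw-old-01": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {status}")
```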