Rewterz Threat Alert – APT SideWinder Group – IOCs
August 5, 2021Rewterz Threat Advisory –CVE-2021-1602 – Cisco Small Business VPN Routers Command Injection
August 5, 2021Rewterz Threat Alert – APT SideWinder Group – IOCs
August 5, 2021Rewterz Threat Advisory –CVE-2021-1602 – Cisco Small Business VPN Routers Command Injection
August 5, 2021Severity
High
Analysis Summary
CVE-2021-26095
The combination of various cryptographic issues in the session management of FortiMail, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.
Impact
- Privilege Escalation
- Unauthorized Access
Affected Vendors
Fortinet
Affected Products
- FortiMail 6.4.4 and below
- FortiMail 6.2.6 and below
Remediation
For CVE-2021-26095
Upgrade to FortiMail 7.0.0.
Upgrade to FortiMail 6.4.5.