Rewterz Threat Advisory – Multiple Cisco Vulnerabilities
March 3, 2022Rewterz Threat Alert – Emotet – Active IOCs
March 3, 2022Rewterz Threat Advisory – Multiple Cisco Vulnerabilities
March 3, 2022Rewterz Threat Alert – Emotet – Active IOCs
March 3, 2022Severity
Medium
Analysis Summary
CVE-2020-15936
Fortinet FortiOS could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation. By sending specially-crafted SNI Client Hello TLS packets, an attacker could exploit this vulnerability to obtain sensitive information
CVE-2022-22300
Fortinet FortiAnalyzer and Fortinet FortiManager could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of insufficient permissions or privileges. An attacker could exploit this vulnerability to bypass the device policy and force the password-change action for its user.
Impact
- Security Bypass
- Information Disclosure
Affected Vendors
- CVE-2020-15936
- CVE-2022-22300
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiManager 6.0.0
- Fortinet FortiAnalyzer 6.0.0
- Fortinet FortiManager 5.6.4
- Fortinet FortiAnalyzer 5.6.4
- Fortinet FortiOS 2.36
- Fortinet FortiOS 2.50
- Fortinet FortiOS 2.80
- Fortinet FortiOS 3.0
Remediation
Refer to FortiGuard Advisory for the patch, upgrade or suggested workaround information.
CVE-2020-15936
https://www.fortiguard.com/psirt/FG-IR-20-091
CVE-2022-22300