March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Multiple Cisco Vulnerabilities
March 3, 2022
Rewterz Threat Alert – Emotet – Active IOCs
March 3, 2022
Rewterz Threat Advisory – Multiple Cisco Vulnerabilities
March 3, 2022
Rewterz Threat Alert – Emotet – Active IOCs
March 3, 2022
Severity
Medium
Analysis Summary
CVE-2020-15936
Fortinet FortiOS could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation. By sending specially-crafted SNI Client Hello TLS packets, an attacker could exploit this vulnerability to obtain sensitive information
CVE-2022-22300
Fortinet FortiAnalyzer and Fortinet FortiManager could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of insufficient permissions or privileges. An attacker could exploit this vulnerability to bypass the device policy and force the password-change action for its user.
Impact
- Security Bypass
- Information Disclosure
Affected Vendors
- CVE-2020-15936
- CVE-2022-22300
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiManager 6.0.0
- Fortinet FortiAnalyzer 6.0.0
- Fortinet FortiManager 5.6.4
- Fortinet FortiAnalyzer 5.6.4
- Fortinet FortiOS 2.36
- Fortinet FortiOS 2.50
- Fortinet FortiOS 2.80
- Fortinet FortiOS 3.0
Remediation
Refer to FortiGuard Advisory for the patch, upgrade or suggested workaround information.
CVE-2020-15936
https://www.fortiguard.com/psirt/FG-IR-20-091
CVE-2022-22300