Rewterz Threat Alert –Sodinokibi Ransomware – Active IOCs
August 20, 2021Rewterz Threat Advisory –CVE-2021-24145 – WordPress Code Execution Vulnerability
August 20, 2021Rewterz Threat Alert –Sodinokibi Ransomware – Active IOCs
August 20, 2021Rewterz Threat Advisory –CVE-2021-24145 – WordPress Code Execution Vulnerability
August 20, 2021Severity
High
Analysis Summary
Fortinet’s web application firewall (WAF) platform, known as FortiWeb, has been discovered to have an unpatched OS command-injection security vulnerability. It may allow for privilege escalation and complete device control. FortiWeb is a cybersecurity defense platform designed to protect mission-critical web applications from known and unknown vulnerabilities. According to Fortinet, the firewall has been used to keep up with the deployment of new or updated features, as well as the addition of new online APIs.
CVE-2018-13379, CVE-2019-5591, CVE-2020-12812, CVE-2021-22123, CVE-2020-29015
Fortinet has released critical patches to address vulnerabilities in multiple products. Users and administrators are encouraged to apply the necessary updates.
Impact
- Privilege Escalation
Affected Vendors
Fortinet
Affected Products
- version 6.3.11 and prior
Remediation
To upgrade to the latest patches and security updates, visit the vendor website