Fortinet issued an urgent advisory via mail with a notice about an authentication bypass in FortiMail and FortiVoice, referencing CVE-2020-9294 (see references below) and saying nothing more than:
"An improper authentication vulnerability in FortiMail and FortiVoiceEnterprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface."
Affected Products
- FortiMail versions 5.4.10 and below.
- FortiMail versions 6.0.7 and below.
- FortiMail versions 6.2.2 and below.
- FortiVoiceEnterprise versions 6.0.1 and below.
- FortiVoiceEnterprise versions 5.3 and lower are not impacted by this vulnerability.
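The advisory gives only version cut-offs, so the practical defender's task is to map an appliance inventory onto those ranges. The following is an added example, not code from Fortinet or from the original post; it encodes exactly the cut-offs listed above and assumes versions are written as major.minor or major.minor.patch. Two interpretive points are assumptions: "X and below" on the oldest listed branch is read as covering earlier branches too (which is why Fortinet explicitly exempts FortiVoiceEnterprise 5.3 and lower), and because the advisory names no fixed builds, anything above a cut-off on a listed branch is reported as "not listed as affected" rather than "fixed". The inventory rows are constructed sample data.

```python
import re

# Highest affected build per product, taken from the advisory text.
AFFECTED_CUTOFFS = {
    "FortiMail": [(5, 4, 10), (6, 0, 7), (6, 2, 2)],
    "FortiVoiceEnterprise": [(6, 0, 1)],
}
# Branches the advisory explicitly states are not impacted ("5.3 and lower").
NOT_IMPACTED_BRANCH = {"FortiVoiceEnterprise": (5, 3)}


def parse_version(text):
    """Parse 'major.minor[.patch]' (optional leading 'v') into a comparable tuple.

    Assumption: Fortinet version strings in the inventory use this shape.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups(default="0"))


def classify(product, version):
    """Return one of: affected, not impacted, not listed as affected, not covered."""
    if product not in AFFECTED_CUTOFFS:
        return "not covered"
    v = parse_version(version)
    branch = v[:2]

    # Explicit exemption wins over any "and below" reading.
    exempt = NOT_IMPACTED_BRANCH.get(product)
    if exempt is not None and branch <= exempt:
        return "not impacted"

    cutoffs = AFFECTED_CUTOFFS[product]
    listed_branches = {c[:2] for c in cutoffs}

    # Same branch as a listed cut-off: affected iff at or below it.
    if branch in listed_branches:
        cutoff = next(c for c in cutoffs if c[:2] == branch)
        return "affected" if v <= cutoff else "not listed as affected"

    # Assumption: "X and below" on the oldest listed branch also covers
    # earlier branches that the advisory does not exempt.
    if v <= min(cutoffs):
        return "affected"
    return "not covered"  # a branch the advisory does not mention at all


def triage(inventory):
    """Map (host, product, version) rows to hosts needing action, sorted by host."""
    needs_action = []
    for host, product, version in inventory:
        if classify(product, version) == "affected":
            needs_action.append(host)
    return sorted(needs_action)


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("mail-01.example.test", "FortiMail", "6.2.2"),
    ("mail-02.example.test", "FortiMail", "6.2.3"),
    ("mail-03.example.test", "FortiMail", "5.3.8"),
    ("voice-01.example.test", "FortiVoiceEnterprise", "6.0.1"),
    ("voice-02.example.test", "FortiVoiceEnterprise", "5.3"),
]

if __name__ == "__main__":
    for host, product, version in SAMPLE_INVENTORY:
        print(f"{host:24} {product:20} {version:8} {classify(product, version)}")
    print("needs action:", triage(SAMPLE_INVENTORY))
```

Hosts reported as "not covered" (for example a FortiMail 6.1.x build, which the advisory does not mention) should be checked against the vendor's PSIRT entry rather than assumed safe.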
Strangely, and still without confirmation, UnderTheBreach reported via Twitter that a threat actor is trying to sell a 0day against FortiMail.
Approximately 15.000 FortiMail and 1.1000 FortiVoice installations can be found online.
References
- CVE-2020-9294
- reddit: Authentication bypass in FortiMail and FortiVoiceEnterprise
- UTB: Threat actor offering to sell remote 0day exploit for all FortiMail Servers
Questions? Contact: info@zero.bs