FortiRecon
FortiRecon is a digital risk protection (DRP) service that allows customers to gain visibility of their digital attack surface, receive targeted threat intelligence, and reduce organisational risk.
mkoser
Staff
Staff
Article Id 230741

 

FortiRecon provides outside-in coverage for risks towards customers.

 

External Attack Surface Management helps customers to identify exposure to known and unknown enterprise assets and associated vulnerabilities across the enterprise.

 

Vulnerability Intelligence Module under Adversary Centric Intelligence (ACI) provides realistic view of impact of the vulnerability based upon chatter and discussion of the same across various external sources such as Darkweb, social media, News / Blogs etc.

CVE ID

CVE-2021-44228

CVE Title

Apache Log4j2 Remote Code Execution Vulnerability

CVE Severity

Critical

ACI Reporting Coverage

45 Reports (Darknet / OSINT/ TECHINT)

Additional References

  • 4 Darknet mentions for this vulnerability.
  • 29 articles referencing this CVE on security blogs.
  • 12 articles referencing possibly working exploit(s) for this vulnerability.
  • 427 public code repositories containing possible POC exploits for this vulnerability
  • 1481 mentions on social media for this vulnerability

EASM Scanner

Yes

 

CVE ID

CVE-2021-45046

CVE Title

Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial-of-service attack

CVE Severity

Critical

ACI Reporting Coverage

16 Reports (OSINT/ TECHINT)

Additional References

  • 7 articles referencing this CVE on security blogs.
  • 46 public code repositories containing possible POC exploits for this vulnerability
  • 231 mentions on social media for this vulnerability

EASM Scanner

No

 

CVE ID

CVE-2021-45105

CVE Title

Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability

CVE Severity

Medium

ACI Reporting Coverage

7 Reports (OSINT/ TECHINT)

Additional References

  • 3 articles referencing this CVE on security blogs.
  • 24 public code repositories containing possible POC exploits for this vulnerability
  • 107 mentions on social media for this vulnerability

EASM Scanner

No

 

CVE ID

CVE-2021-44832

CVE Title

Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.

CVE Severity

Medium

ACI Reporting Coverage

3 Reports (OSINT/ TECHINT)

Additional References

  • 1 article referencing this CVE on security blogs.
  • 9 public code repositories containing possible POC exploits for this vulnerability
  • 122 mentions on social media for this vulnerability

EASM Scanner

No

 

Contributors