FortiRecon
FortiRecon is a digital risk protection (DRP) service that allows customers to gain visibility of their digital attack surface, receive targeted threat intelligence, and reduce organisational risk.
bmali
Staff
Article Id 339905
FortiRecon Digital Risk Protection (DRP), a SaaS-based service, includes External Attack Surface Management, Brand Protection, and Adversary Centric Intelligence.

Adversary Centric Intelligence (ACI) leverages FortiGuard threat analysis to provide comprehensive coverage of dark web, open-source, and technical threat intelligence, including threat actor insights, so that organizations can proactively assess risks, respond faster to incidents, better understand their attackers, and guard their assets.

The Vulnerability Intelligence module under Adversary Centric Intelligence (ACI) provides a realistic view of a vulnerability's impact based on the chatter and discussion around it across external sources such as the dark web, social media, news sites and blogs. The following records are examples of the module's output.
CVE ID: CVE-2022-26138
CVE Title: Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
NVD Severity: CRITICAL
FortiRecon Severity: CRITICAL
FortiRecon Score: 91/100
Exploited: Yes
Exploited by Ransomware Group(s): No
Exploited by APT Group(s): No
Included in CISA KEV List: Yes
Available working exploit(s): 0
Available POC exploit(s): 4
Darknet Mention(s): 0
Telegram Mention(s): 1 (مرکز تحقیقاتی APT IRAN)
FortiRecon Intelligence Reporting(s): 5 (OSINT)
Vendor Advisory: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html
https://jira.atlassian.com/browse/CONFSERVER-79483

CVE ID: CVE-2022-3236
CVE Title: Sophos Firewall Code Injection Vulnerability
NVD Severity: CRITICAL
FortiRecon Severity: CRITICAL
FortiRecon Score: 90/100
Exploited: Yes
Exploited by Ransomware Group(s): No
Exploited by APT Group(s): No
Included in CISA KEV List: Yes
Available working exploit(s): 0
Available POC exploit(s): 0
Darknet Mention(s): 5 (xss)
Telegram Mention(s): 0
FortiRecon Intelligence Reporting(s): 1 (Darknet), 6 (OSINT)
Vendor Advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

CVE ID: CVE-2022-26134
CVE Title: Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
NVD Severity: CRITICAL
FortiRecon Severity: CRITICAL
FortiRecon Score: 93/100
Exploited: Yes
Exploited by Ransomware Group(s): Yes (cerberimposter, hezb, mimo, mimus ransomware operators, avoslocker ransomware operators, mauricrypt ransomware operators, cerber ransomware)
Exploited by APT Group(s): Yes (8220, apt33, tac-040)
Included in CISA KEV List: Yes
Available working exploit(s): 4
Available POC exploit(s): 75
Darknet Mention(s): 3 (xss, breachforums)
Telegram Mention(s): 9 (مرکز تحقیقاتی APT IRAN, Malware Corporation, Termux Israel :israel:, ARVIN, IT Security Alerts)
FortiRecon Intelligence Reporting(s): 16 (Technical Intelligence), 21 (Darknet), 33 (OSINT), 3 (HUMINT)
Vendor Advisory: https://jira.atlassian.com/browse/CONFSERVER-79016
http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Conc...
http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html
http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

CVE ID: CVE-2022-2766
CVE Title: A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206162 is the identifier assigned to this vulnerability.
NVD Severity: CRITICAL
FortiRecon Severity: LOW
FortiRecon Score: 0/100
Exploited: No
Exploited by Ransomware Group(s): No
Exploited by APT Group(s): No
Included in CISA KEV List: No
Available working exploit(s): 0
Available POC exploit(s): 0
Darknet Mention(s): 0
Telegram Mention(s): 0
FortiRecon Intelligence Reporting(s): 0
Vendor Advisory: https://vuldb.com/?id.206162
https://github.com/Drun1baby/CVE_Pentest/blob/main/Loan%20Management%20System%20CMS/images/sql01.png

CVE ID: CVE-2021-4034
CVE Title: Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
NVD Severity: HIGH
FortiRecon Severity: CRITICAL
FortiRecon Score: 92/100
Exploited: Yes
Exploited by Ransomware Group(s): No
Exploited by APT Group(s): Yes (earth krahang, driftingcloud, lazarus group)
Included in CISA KEV List: Yes
Available working exploit(s): 7
Available POC exploit(s): 178
Darknet Mention(s): 20 (antichat, xss, ramp, 90sec, raidforums)
Telegram Mention(s): 10 (مرکز تحقیقاتی APT IRAN, Malware Corporation, Termux Israel :israel:, ARVIN, Linux, The Jacuzzi, Ralf Hacker Channel)
FortiRecon Intelligence Reporting(s): (Technical Intelligence), 15 (OSINT), 4 (Darknet), 1 (FortiGuard Research), 1 (HUMINT)
Vendor Advisory: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
https://www.suse.com/support/kb/doc/?id=000020564
https://www.oracle.com/security-alerts/cpuapr2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
https://www.starwindsoftware.com/security/sw-20220818-0001/
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cv...

CVE ID: CVE-2021-3156
CVE Title: Sudo Heap-Based Buffer Overflow Vulnerability
NVD Severity: HIGH
FortiRecon Severity: CRITICAL
FortiRecon Score: 92/100
Exploited: Yes
Exploited by Ransomware Group(s): No
Exploited by APT Group(s): No
Included in CISA KEV List: Yes
Available working exploit(s): 6
Available POC exploit(s): 0
Darknet Mention(s): 9 (raidforums, xss, 90sec)
Telegram Mention(s): 7 (IT Security Alerts, مرکز تحقیقاتی APT IRAN, Ralf Hacker Channel, Freedom F0x, ANTICHAT Channel)
FortiRecon Intelligence Reporting(s): 2 (Darknet), 7 (OSINT)
Vendor Advisory: https://www.openwall.com/lists/oss-security/2021/01/26/3
https://www.sudo.ws/stable.html#1.9.5p2
http://www.openwall.com/lists/oss-security/2021/01/26/3
https://security.gentoo.org/glsa/202101-33
https://www.debian.org/security/2021/dsa-4839
http://www.openwall.com/lists/oss-security/2021/01/27/1
http://www.openwall.com/lists/oss-security/2021/01/27/2
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
https://security.netapp.com/advisory/ntap-20210128-0001/
https://security.netapp.com/advisory/ntap-20210128-0002/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-...
http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
https://www.kb.cert.org/vuls/id/794544
http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
https://support.apple.com/kb/HT212177
http://seclists.org/fulldisclosure/2021/Feb/42
https://kc.mcafee.com/corporate/index?page=content&id=SB10348
http://www.openwall.com/lists/oss-security/2021/02/15/1
https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
http://seclists.org/fulldisclosure/2021/Jan/79
https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-ba...
https://www.synology.com/security/advisory/Synology_SA_21_02
https://www.oracle.com//security-alerts/cpujul2021.html
http://www.openwall.com/lists/oss-security/2021/09/14/2
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHX...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAL...
http://www.openwall.com/lists/oss-security/2024/01/30/8
http://www.openwall.com/lists/oss-security/2024/01/30/6
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2024/Feb/3

CVE ID: CVE-2021-26084
CVE Title: Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
NVD Severity: CRITICAL
FortiRecon Severity: CRITICAL
FortiRecon Score: 92/100
Exploited: Yes
Exploited by Ransomware Group(s): Yes (atom silo ransomware operators, cerber ransomware)
Exploited by APT Group(s): Yes (cadet blizzard)
Included in CISA KEV List: Yes
Available working exploit(s): 4
Available POC exploit(s): 42
Darknet Mention(s): 29 (xss, raidforums)
Telegram Mention(s): 7 (Freedom F0x, ANTICHAT Channel, مرکز تحقیقاتی APT IRAN, Кардинг | Пластик, Ralf Hacker Channel)
FortiRecon Intelligence Reporting(s): 15 (Technical Intelligence), 13 (OSINT), 2 (Darknet)
Vendor Advisory: https://jira.atlassian.com/browse/CONFSERVER-67940
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html

CVE ID: CVE-2020-1472
CVE Title: Microsoft Netlogon Privilege Escalation Vulnerability
NVD Severity: MEDIUM
FortiRecon Severity: CRITICAL
FortiRecon Score: 92/100
Exploited: Yes
Exploited by Ransomware Group(s): Yes (carbon spider, teleport crew, cuba ransomware operators, gold niagara, ransomhub group, carbanak, navigator, industrial spy ransomware operators, conti ransomware operators, calcium, cosmicbeetle, fin7, black basta ransomware, ryuk ransomware operators, ransomhub operators)
Exploited by APT Group(s): Yes (apt15, apt10)
Included in CISA KEV List: Yes
Available working exploit(s): 3
Available POC exploit(s): 0
Darknet Mention(s): 26 (xss, 90sec, exploit, ramp)
Telegram Mention(s): 10 (Freedom F0x, ANTICHAT Channel, Egyptian Hackers, Ralf Hacker Channel, Хакер {Hacker})
FortiRecon Intelligence Reporting(s): 7 (Darknet), 22 (Technical Intelligence), 36 (OSINT), 3 (HUMINT)
Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html
https://www.kb.cert.org/vuls/id/490028
http://www.openwall.com/lists/oss-security/2020/09/17/2
https://usn.ubuntu.com/4510-1/
https://www.synology.com/security/advisory/Synology_SA_20_21
https://usn.ubuntu.com/4510-2/
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00080.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00086.html
https://usn.ubuntu.com/4559-1/
http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
https://security.gentoo.org/glsa/202012-24
https://www.oracle.com/security-alerts/cpuApr2021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4O...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAP...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ST6...

CVE ID: CVE-2021-33044
CVE Title: Dahua IP Camera Authentication Bypass Vulnerability
NVD Severity: CRITICAL
FortiRecon Severity: CRITICAL
FortiRecon Score: 92/100
Exploited: Yes
Exploited by Ransomware Group(s): No
Exploited by APT Group(s): No
Included in CISA KEV List: Yes
Available working exploit(s): 1
Available POC exploit(s): 5
Darknet Mention(s): 4 (bhf)
Telegram Mention(s): 0
FortiRecon Intelligence Reporting(s): 2 (OSINT)
Vendor Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957
http://seclists.org/fulldisclosure/2021/Oct/13
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

CVE ID: CVE-2021-33045
CVE Title: Dahua IP Camera Authentication Bypass Vulnerability
NVD Severity: CRITICAL
FortiRecon Severity: CRITICAL
FortiRecon Score: 92/100
Exploited: Yes
Exploited by Ransomware Group(s): No
Exploited by APT Group(s): No
Included in CISA KEV List: Yes
Available working exploit(s): 1
Available POC exploit(s): 0
Darknet Mention(s): 2 (bhf)
Telegram Mention(s): 0
FortiRecon Intelligence Reporting(s): 2 (OSINT)
Vendor Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957
http://seclists.org/fulldisclosure/2021/Oct/13
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

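As an added example (this is not FortiRecon code, and the tier rules are an assumption of this example rather than the FortiRecon Score algorithm), the Python below parses records in the layout shown above into structured objects and derives a patching order from the fields a defender acts on first: CISA KEV listing, ransomware or APT exploitation, working exploits and PoCs, and underground or Telegram chatter. The two sample records are constructed from the page's own fields with titles and reporting counts omitted; the parser accepts field names with or without a trailing colon and folds continuation URL lines into the record's references.

```python
# Added example, not FortiRecon code: parse FortiRecon-style vulnerability records and
# order them for patching. The tier rules are an assumption, not the FortiRecon Score.
import re

# Field names as in the records, longest first so "Exploited by ..." wins over "Exploited".
FIELDS = sorted([
    "CVE ID", "CVE Title", "NVD Severity", "FortiRecon Severity", "FortiRecon Score",
    "Exploited", "Exploited by Ransomware Group(s)", "Exploited by APT Group(s)",
    "Included in CISA KEV List", "Available working exploit(s)", "Available POC exploit(s)",
    "Darknet Mention(s)", "Telegram Mention(s)", "FortiRecon Intelligence Reporting(s)",
    "Vendor Advisory"], key=len, reverse=True)
# Accepts both "Key Value" (the page's layout) and "Key: Value".
_FIELD_RE = re.compile("^(" + "|".join(map(re.escape, FIELDS)) + r")\s*:?\s*(.*)$")
TIERS = ("low", "medium", "high", "patch-now")

# Constructed sample modelled on two of the page's records (titles omitted).
SAMPLE_RECORDS = """\
CVE ID CVE-2022-26134
FortiRecon Score 93/100
Exploited Yes
Exploited by Ransomware Group(s) Yes (avoslocker ransomware operators, cerber ransomware)
Exploited by APT Group(s) Yes (8220, apt33)
Included in CISA KEV List Yes
Available working exploit(s) 4
Available POC exploit(s) 75
Darknet Mention(s) 3 (xss, breachforums)
Telegram Mention(s) 9 (Malware Corporation, ARVIN)
Vendor Advisory: https://jira.atlassian.com/browse/CONFSERVER-79016
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

CVE ID CVE-2022-26138
FortiRecon Score 91/100
Exploited by Ransomware Group(s) No
Exploited by APT Group(s) No
Included in CISA KEV List Yes
Available working exploit(s) 0
Available POC exploit(s) 4
Darknet Mention(s) 0
Telegram Mention(s) 1 (APT IRAN)
Vendor Advisory: https://jira.atlassian.com/browse/CONFSERVER-79483
"""

def parse_records(text):
    """Split text into records of {"cve_id", "fields", "references"}."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _FIELD_RE.match(line)
        if m and m.group(1) == "CVE ID":
            current = {"cve_id": m.group(2).strip(), "fields": {}, "references": []}
            records.append(current)
        elif current is None:
            continue  # stray line before the first record
        elif m and m.group(1) == "Vendor Advisory":
            current["references"].append(m.group(2).strip())
        elif m:
            current["fields"][m.group(1)] = m.group(2).strip()
        elif line.startswith(("http://", "https://")):
            current["references"].append(line)  # continuation URL line
    return records

def _yes(value):
    return value.lower().startswith("yes")

def _count(value):
    m = re.match(r"\d+", value)  # leading number of "5 (xss)" or "91/100"
    return int(m.group()) if m else 0

def triage(rec):
    """Return (tier, reasons) from the fields a defender acts on first."""
    f, hits = rec["fields"], []
    if _yes(f.get("Exploited by Ransomware Group(s)", "")):
        hits.append(("patch-now", "ransomware exploitation"))
    if _yes(f.get("Exploited by APT Group(s)", "")):
        hits.append(("patch-now", "APT exploitation"))
    if _yes(f.get("Included in CISA KEV List", "")):
        hits.append(("patch-now", "CISA KEV"))
    elif _yes(f.get("Exploited", "")):
        hits.append(("high", "exploited in the wild"))
    if _count(f.get("Available working exploit(s)", "")) > 0:
        hits.append(("high", "working exploit available"))
    elif _count(f.get("Available POC exploit(s)", "")) > 0:
        hits.append(("medium", "PoC available"))
    chatter = _count(f.get("Darknet Mention(s)", "")) + _count(f.get("Telegram Mention(s)", ""))
    if chatter > 0:
        hits.append(("medium", f"{chatter} underground/Telegram mention(s)"))
    tier = max((level for level, _ in hits), key=TIERS.index, default="low")
    return tier, [why for _, why in hits]

def prioritize(records):
    """Rows of (cve_id, tier, score, reasons), most urgent first."""
    rows = []
    for r in records:
        tier, why = triage(r)
        rows.append((r["cve_id"], tier, _count(r["fields"].get("FortiRecon Score", "")), why))
    return sorted(rows, key=lambda row: (TIERS.index(row[1]), row[2]), reverse=True)

if __name__ == "__main__":
    for cve, tier, score, why in prioritize(parse_records(SAMPLE_RECORDS)):
        print(f"{cve:16} {tier:9} score={score:<3} {', '.join(why) or '-'}")
```

Run stand-alone, the script lists CVE-2022-26134 first (ransomware and APT exploitation, KEV, working exploits) and CVE-2022-26138 second (KEV and a PoC only); the FortiRecon Score is used only to break ties within a tier, so a record's own evidence fields, not the score alone, decide the order.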