CINXE.COM
PSIRT | FortiGuard Labs
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="title" property="title" content="PSIRT | FortiGuard Labs" /> <meta name="description" property="description" content="None" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="twitter:card" property="twitter:card" content="summary" /> <meta name="twitter:title" property="twitter:title" content="PSIRT | FortiGuard Labs" /> <meta name="twitter:url" property="twitter:url" content="https://fortiguard.com/psirt/FG-IR-22-377" /> <meta name="twitter:description" property="twitter:url" content="None" /> <meta name="og:type" property="og:type" content="article" /> <meta name="og:site_name" property="og:site_name" content="FortiGuard Labs" /> <meta name="og:locale" property="og:locale" content="" /> <meta name="og:title" property="og:title" content="PSIRT | FortiGuard Labs" /> <meta name="og:url" property="og:url" content="https://fortiguard.com/psirt/FG-IR-22-377" /> <meta name="og:description" property="og:description" content="None" /> <meta name="og:image" property="og:image" content="https://filestore.fortinet.com/fortiguard/static/images/fortiguard-logo-dark-theme.svg?v=32538" /> <meta name="twitter:image" property="twitter:image" content="https://filestore.fortinet.com/fortiguard/static/images/fortiguard-logo-dark-theme.svg?v=32538" /> <link rel="shortcut icon" href="https://filestore.fortinet.com/fortiguard/static/images/favicon.ico?v=32538" type="image/x-icon" /> <title>PSIRT | FortiGuard Labs</title> <link rel="stylesheet" href="https://filestore.fortinet.com/fortiguard/static/styles/bootstrap.min.css?v=32538"> <link rel="stylesheet" href="https://filestore.fortinet.com/fortiguard/static/styles/vendor.min.css?v=32538"> <link rel="stylesheet" href="https://filestore.fortinet.com/fortiguard/static/styles/style.min.css?v=32538"> <style> /* Hacks to deal with mm-slider and bootstrap colliding with eachother */ .mm-slideout { z-index: inherit; } .modal { color: #000; } /* End Hacks */ </style> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-64GHK0036C"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-64GHK0036C'); </script> </head> <body ng-app="fgd" class="detail dark-theme"> <header> <div class="ftnt-navigation d-none d-xl-block"> <div class="container-xxl"> <div class="top-toolbar"> <ul class="right-bar"> <li class="header-search-header" role="menuitem" aria-labelledby="search_field_header"> <img id="global_header_search_btn" src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=32538" alt="search"> <form action="/search" method="get" class="form-check d-none"> <span class="search_flat"> <label for="search_field_header" class="visually-hidden" id="label-search_field-header">Search</label> <input id="search_field_header" type="text" class="search_field" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="" /> <button type="submit" value=" " class="btn btn-sm" aria-label="Submit your search"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=32538" alt="search"> </button> <div class="global_search-popup"> <fieldset> <legend class="visually-hidden">Please select any available option</legend> <div class="form-check search-popup-item"> <input type="radio" name="engine" id="all_home" class="form-check-input search-input-option" value="1" checked="checked" aria-checked="true" /> <label class="form-check-label search-input-label" for="all_home"> Normal </label> </div> <div class="form-check search-popup-item"> <input type="radio" name="engine" id="exact_home" class="form-check-input search-input-option" value="2" /> <label class="form-check-label search-input-label" for="exact_home"> Exact Match </label> </div> <div class="form-check search-popup-item"> <input type="radio" name="engine" id="cve_home" class="form-check-input search-input-option" value="3" /> <label class="form-check-label search-input-label" for="cve_home"> CVE </label> </div> <div class="form-check search-popup-item"> <input type="radio" name="engine" id="threat_home" class="form-check-input search-input-option" value="4" /> <label class="form-check-label search-input-label" for="threat_home"> ID </label> </div> <div class="form-check search-popup-item"> <input type="radio" name="engine" id="psirt_home" class="form-check-input search-input-option" value="6" /> <label class="form-check-label search-input-label" for="psirt_home"> PSIRT </label> </div> <div class="form-check search-popup-item"> <input type="radio" name="engine" id="repms_home" class="form-check-input search-input-option" value="8" /> <label class="form-check-label search-input-label" for="repms_home"> Antispam </label> </div> <div class="form-check search-popup-item"> <input type="radio" name="engine" id="outbreak-alert_home" class="form-check-input search-input-option" value="9" /> <label class="form-check-label search-input-label" for="outbreak-alert_home"> Outbreak Alert </label> </div> <div class="form-check search-popup-item"> <input type="radio" name="engine" id="url_home" class="form-check-input search-input-option" value="7" /> <label class="form-check-label search-input-label" for="url_home"> IP/Domain/URL </label> </div> </fieldset> </div> </span> </form> </li> </ul> </div> </div> </div> <div id="main-nav"> <nav class="desktop-nav d-none d-xl-block" aria-label="desktop navigation menu"> <div class="container-xxl"> <div class="row"> <div class="col-xl-3 col-lg-2 logo"> <a href="/"> <img src="https://filestore.fortinet.com/fortiguard/static/images/fortiguard-logo-dark-theme.svg?v=32538" alt="fortiguard-logo" loading="lazy"> </a> </div> <div class="col-xl-7 col-lg-8 ps-0"> <ul class="main-menu-bar" role="menu" ng-controller="MenuController"> <li role="menuitem"> <a aria-haspopup="true" aria-expanded="false" aria-label="News / Research" class="main-menu" tabindex="0" id="heading-news-item">News / Research</a> <div class="header-hover md header-hover-news"> <div class="menu-panel dropdown-news"> <div class="container-xxl h-100 dropdown-menu-wrapper"> <div class="row h-100"> <div class="col-xl-3 col-lg-2 news-research-psirt pt-4 pe-0 services-category-wrapper"> <h2 class="text-start">News/Research</h2> <h3 class="news-research" ng-click="isNews=true" ng-class="isNews?'active':''">Research Center</h3> <h3 class="news-psirt" ng-click="isNews=false" ng-class="isNews?'':'active'">PSIRT Center</h3> </div> <div class="col-xl-7 col-lg-8 pt-4 ps-4" role="region" aria-labelledby="heading-news-item"> <div class="row"> <div ng-hide="!isNews" class="col-md-5 research-center"> <div class="description text-start mb-3"> <span>Explore latest research and threat reports on emerging cyber threats.</span> </div> <ul class="w-100"> <li class="border-start border-3"><a href="/outbreak-alert" >Outbreak Alerts</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/blog/threat-research.html" target = _blank >Security Blog</a></li> <li class="border-start border-3"><a href="/threat-signal-report" >Threat Signal</a></li> </ul> </div> <div ng-hide="isNews" class="col-md-5 psirt-center"> <div class="description text-start mb-3"> <span>Fortinet Product Security Incident Response Team (PSIRT) updates.</span> </div> <ul class="w-100"> <li class="border-start border-3"><a href="/psirt" >Advisories</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/blog/psirt-blogs" target = _blank >PSIRT Blog</a></li> <li class="border-start border-3"><a href="/faq/psirt-contact" >PSIRT Contact</a></li> <li class="border-start border-3"><a href="/psirt_policy" >Security Vulnerability Policy</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </li> <li role="menuitem"> <a aria-haspopup="true" aria-expanded="false" class="main-menu" tabindex="0" id="heading-services-item">Services</a> <div class="header-hover lg header-hover-services"> <div class="menu-panel dropdown-services"> <div class="container-xxl h-100 dropdown-menu-wrapper"> <div class="row h-100"> <div class="col-xl-3 col-lg-2 services-category-wrapper pt-4 pe-0"> <h2 class="text-start">Services</h2> <h3 class="services-outbreak" ng-click="toggleServices('outbreak')" ng-class="services['outbreak']?'active':''">By Outbreak</h3> <h3 class="services-solution" ng-click="toggleServices('solution')" ng-class="services['solution']?'active':''">By Solution</h3> <h3 class="services-product" ng-click="toggleServices('product')" ng-class="services['product']?'active':''">By Product</h3> </div> <div class="col-xl-9 col-lg-10 ps-0"> <div ng-hide="!services['outbreak']" class="menu-overflow services-outbreak pt-4 ps-4"> <div role="region" aria-labelledby="heading-services-item"> <div class="row"> <div class="col"> <h3 class="mb-2 title text-uppercase border-3 border-start">Protect</h3> <div class="description text-start"><span> Counter measures across the security fabric for protecting assets, data and network. </span></div> <ul class="col-md-12 mt-3"> <li class="border-start border-3"><a href="/services/botnet" >Anti-Botnet</a></li> <li class="border-start border-3"><a href="/services/arae" >Anti-Recon and Anti-Exploit</a></li> <li class="border-start border-3"><a href="/services/antispam" >AntiSpam</a></li> <li class="border-start border-3"><a href="/services/antivirus" >AntiVirus</a></li> <li class="border-start border-3"><a href="/services/appcontrol" >Application Control</a></li> <li class="border-start border-3"><a href="/services/fedr" >Endpoint Detection & Response</a></li> <li class="border-start border-3"><a href="/services/ev" >Endpoint Vulnerability</a></li> <li class="border-start border-3"><a href="/updates/casb" >Inline-CASB Application Definitions</a></li> <li class="border-start border-3"><a href="/services/ips" >Intrusion Protection</a></li> <li class="border-start border-3"><a href="/services/operational-technology-security-service" >Operational Technology Security</a></li> <li class="border-start border-3"><a href="/services/sandbox" >Sandbox Behavior Engine</a></li> <li class="border-start border-3"><a href="/services/ws" >Web Application Security</a></li> <li class="border-start border-3"><a href="/services/wf" >Web Filtering</a></li> </ul> </div> <div class="col"> <h3 class="mb-2 title text-uppercase border-3 border-start">Detect</h3> <div class="description text-start"> <span>Find and correlate important information to identify an outbreak.<span class="invisible">Find and correlate</span></span> </div> <ul class="col-md-12 mt-3"> <li class="border-start border-3"><a href="/services/arae" >Anti-Recon and Anti-Exploit</a></li> <li class="border-start border-3"><a href="/services/cloud-vulnerability-and-threat-detection" >Cloud Threat Detection</a></li> <li class="border-start border-3"><a href="/services/ioc" >Indicators of Compromise</a></li> <li class="border-start border-3"><a href="/services/odcs" >Outbreak Deception</a></li> <li class="border-start border-3"><a href="/services/outbreak-detection-service" >Outbreak Detection</a></li> <li class="border-start border-3"><a href="/services/security-automation-service" >SOC Automation</a></li> </ul> </div> <div class="col"> <div class="row"> <div class="col-md-12 mb-2"><h3 class="mb-2 title text-uppercase border-3 border-start"> Respond</h3> <div class="description text-start"> <span>Develop containment techniques to mitigate impacts of security events.<span class="invisible">Develop containment</span></span> </div> <ul class="col-md-12 mt-3"> <li class="border-start border-3"><a href="https://www.fortinet.com/products/fortixdr" target = _blank >Endpoint Detection and Response</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/products/endpoint-security/forticlient#support-services" target = _blank >Endpoint Forensics</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/respond" target = _blank >Incident Response</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/products/fortirecon" target = _blank >Recon: ACI</a></li> </ul> </div> <div class="col-md-12"> <h3 class="mb-2 mt-4 text-uppercase title border-3 border-start">Recover</h3> <div class="description text-start"> <span>Improve security posture and processes by implementing security awareness and training.</span> </div> <ul class="col-md-12 mt-3"> <li class="border-start border-3"><a href="https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/assess" target = _blank >Assessment Services</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/training/cybersecurity-professionals" target = _blank >NSE Training</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/training/security-awareness-training" target = _blank >Security Awareness Training</a></li> </ul> </div> </div> </div> <div class="col"> <h3 class="mb-2 title text-uppercase border-3 border-start">Identify</h3> <div class="description text-start"> <span>Identify processes and assets that need protection.<span class="invisible">Identify processes and assets that</span></span> </div> <ul class="col-md-12 mt-3"> <li class="border-start border-3"><a href="/services/cloud-vulnerability-and-threat-detection" >Cloud Vulnerability</a></li> <li class="border-start border-3"><a href="/services/dynamic-application-security-testing" >Dynamic Application Security Testing</a></li> <li class="border-start border-3"><a href="/services/ev" >Endpoint Vulnerability</a></li> <li class="border-start border-3"><a href="/services/breach-attack-simulation" >FortiTester</a></li> <li class="border-start border-3"><a href="/services/dds" >IoT Detection</a></li> <li class="border-start border-3"><a href="/services/pentesting" >Pen Testing</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/products/fortirecon" target = _blank >Recon: BP</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/products/fortirecon" target = _blank >Recon: EASM</a></li> <li class="border-start border-3"><a href="/services/secr" >Security Rating</a></li> </ul> </div> </div> </div> </div> <div ng-hide="!services['solution']" class="menu-overflow services-solution pt-4 ps-4"> <div role="region" aria-labelledby="heading-services-item"> <div class="row"> <div class="col"> <ul> <li> <h3 class="text-uppercase">Network Security</h3> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/network.svg?v=32538" alt="Network Security icon" loading="lazy"> </li> <li class="border-start border-3"><a href="/services/botnet" >Anti-Botnet</a></li> <li class="border-start border-3"><a href="/services/arae" >Anti-Recon and Anti-Exploit</a></li> <li class="border-start border-3"><a href="/services/cloud-vulnerability-and-threat-detection" >Cloud Vulnerability and Threat Detection</a></li> <li class="border-start border-3"><a href="/services/dlp" >Data Loss Prevention</a></li> <li class="border-start border-3"><a href="/services/ioc" >Indicators of Compromise</a></li> <li class="border-start border-3"><a href="/updates/casb" >Inline-CASB Application Definitions</a></li> <li class="border-start border-3"><a href="/services/isdb" >Internet Services</a></li> <li class="border-start border-3"><a href="/services/ips" >Intrusion Protection</a></li> <li class="border-start border-3"><a href="/services/ipge" >IP Geolocation</a></li> <li class="border-start border-3"><a href="/services/sdns" >Secure DNS</a></li> </ul> </div> <div class="col"> <ul> <li> <h3 class="text-uppercase">Endpoint Security</h3> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/contentendpoint.svg?v=32538" alt="Endpoint Security icon" loading="lazy"> </li> <li class="border-start border-3"><a href="/services/fortindr" >ANN and NDR</a></li> <li class="border-start border-3"><a href="/services/antivirus" >AntiVirus</a></li> <li class="border-start border-3"><a href="/services/fedr" >Endpoint Detection & Response</a></li> <li class="border-start border-3"><a href="/services/ev" >Endpoint Vulnerability</a></li> <li class="border-start border-3"><a href="/services/eoap" >FortiClient Outbreak Detection</a></li> <li class="border-start border-3"><a href="/services/dds" >IoT Detection</a></li> <li class="border-start border-3"><a href="/services/sandbox" >Sandbox Behavior Engine</a></li> </ul> </div> <div class="col"> <ul> <li> <h3 class="text-uppercase">Application Security</h3> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/application.svg?v=32538" alt="Application Security icon" loading="lazy"> </li> <li class="border-start border-3"><a href="/services/antispam" >AntiSpam</a></li> <li class="border-start border-3"><a href="/services/appcontrol" >Application Control</a></li> <li class="border-start border-3"><a href="/services/fct-app" >Client Application Firewall</a></li> <li class="border-start border-3"><a href="/services/csd" >Credential Stuffing Defense</a></li> <li class="border-start border-3"><a href="/services/dynamic-application-security-testing" >Dynamic Application Security Testing</a></li> <li class="border-start border-3"><a href="/services/operational-technology-security-service" >Operational Technology Security</a></li> <li class="border-start border-3"><a href="/services/ws" >Web Application Security</a></li> <li class="border-start border-3"><a href="/services/wf" >Web Filtering</a></li> </ul> </div> <div class="col"> <ul> <li> <h3 class="text-uppercase">Security Operations</h3> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/response.svg?v=32538" alt="Security Operations icon" loading="lazy"> </li> <li class="border-start border-3"><a href="/services/breach-attack-simulation" >Breach Attack Simulation</a></li> <li class="border-start border-3"><a href="/services/fortidevsec" >FortiDevSec</a></li> <li class="border-start border-3"><a href="/services/fortisiem" >FortiSIEM Outbreak Detection Service</a></li> <li class="border-start border-3"><a href="/services/odcs" >Outbreak Deception</a></li> <li class="border-start border-3"><a href="/services/outbreak-detection-service" >Outbreak Detection</a></li> <li class="border-start border-3"><a href="/services/pentesting" >Pen Testing</a></li> <li class="border-start border-3"><a href="/services/secr" >Security Rating</a></li> </ul> </div> </div> </div> </div> <div ng-hide="!services['product']" class="menu-overflow services-product-wrapper"> <div class="row h-100"> <div class="col-4 products pe-0"> <ul> <li ng-click="currentProduct='0'" ng-class="{'active-product':currentProduct==='0'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortigate.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiGate</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='1'" ng-class="{'active-product':currentProduct==='1'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortianalyzer.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiAnalyzer</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='2'" ng-class="{'active-product':currentProduct==='2'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/forticlient.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiClient</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='3'" ng-class="{'active-product':currentProduct==='3'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortiweb.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiWeb</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='4'" ng-class="{'active-product':currentProduct==='4'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fadc.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiADC</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='5'" ng-class="{'active-product':currentProduct==='5'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortiauthenticator.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiAuthenticator</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='6'" ng-class="{'active-product':currentProduct==='6'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/cnp.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiCNP</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='7'" ng-class="{'active-product':currentProduct==='7'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortiddos.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiDDoS</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='8'" ng-class="{'active-product':currentProduct==='8'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortideceptor.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiDeceptor</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='9'" ng-class="{'active-product':currentProduct==='9'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fedr.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiEDR</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='10'" ng-class="{'active-product':currentProduct==='10'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortimail.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiMail</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li class="invisible">empty</li> </ul> </div> <div class="col-4 products pe-0 ps-0"> <ul> <li ng-click="currentProduct='11'" ng-class="{'active-product':currentProduct==='11'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortindr.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiNDR</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='12'" ng-class="{'active-product':currentProduct==='12'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortipam.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiPAM</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='13'" ng-class="{'active-product':currentProduct==='13'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortipolicy.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiPolicy</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='14'" ng-class="{'active-product':currentProduct==='14'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortiproxy.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiProxy</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='15'" ng-class="{'active-product':currentProduct==='15'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortirecon.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiRecon</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='16'" ng-class="{'active-product':currentProduct==='16'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/sandbox.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiSandBox</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='17'" ng-class="{'active-product':currentProduct==='17'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortisase.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiSASE</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='18'" ng-class="{'active-product':currentProduct==='18'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortisiem.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiSIEM</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='19'" ng-class="{'active-product':currentProduct==='19'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortitester.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiTester</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='20'" ng-class="{'active-product':currentProduct==='20'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/fortidast.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiDAST</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li ng-click="currentProduct='21'" ng-class="{'active-product':currentProduct==='21'}" class="align-items-center user-select-none"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/cnpvuln.svg?v=32538" alt=""/> <p class="mb-0 me-3">FortiCNAPP</p> <img src="https://filestore.fortinet.com/fortiguard/static/images/arrow-white.svg?v=32538" alt="" class="order-0 ms-auto me-0"/></li> <li class="invisible">empty</li> </ul> </div> <div class="col-4 services"> <ul ng-hide="currentProduct!=='0'" class="services-list"> <li class="mb-0"><a href="/services/botnet">Anti-Botnet</a> </li> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/appcontrol">Application Control</a> </li> <li class="mb-0"><a href="/updates/casb">Inline-CASB Application Definitions</a> </li> <li class="mb-0"><a href="/services/ips">Intrusion Protection</a> </li> <li class="mb-0"><a href="/services/dds">IoT Detection</a> </li> <li class="mb-0"><a href="/services/ipge">IP Geolocation</a> </li> <li class="mb-0"><a href="/services/operational-technology-security-service">Operational Technology Security</a> </li> <li class="mb-0"><a href="/services/sdns">Secure DNS</a> </li> <li class="mb-0"><a href="/services/secr">Security Rating</a> </li> <li class="mb-0"><a href="/services/wf">Web Filtering</a> </li> </ul> <ul ng-hide="currentProduct!=='1'" class="services-list"> <li class="mb-0"><a href="/services/ioc">Indicators of Compromise</a> </li> <li class="mb-0"><a href="/services/outbreak-detection-service">Outbreak Detection</a> </li> <li class="mb-0"><a href="/services/security-automation-service">SOC Automation</a> </li> </ul> <ul ng-hide="currentProduct!=='2'" class="services-list"> <li class="mb-0"><a href="/services/botnet">Anti-Botnet</a> </li> <li class="mb-0"><a href="/services/arae">Anti-Recon and Anti-Exploit</a> </li> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/fct-app">Application Firewall</a> </li> <li class="mb-0"><a href="/services/csd">Credential Stuffing Defense</a> </li> <li class="mb-0"><a href="/services/ev">Endpoint Vulnerability</a> </li> <li class="mb-0"><a href="/services/ips">Intrusion Protection</a> </li> <li class="mb-0"><a href="/services/eoap">Outbreak Detection</a> </li> <li class="mb-0"><a href="/services/wf">Web Filtering</a> </li> </ul> <ul ng-hide="currentProduct!=='3'" class="services-list"> <li class="mb-0"><a href="/services/botnet">Anti-Botnet</a> </li> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/appcontrol">Application Control</a> </li> <li class="mb-0"><a href="/services/csd">Credential Stuffing Defense</a> </li> <li class="mb-0"><a href="/updates/webshell">Fuzzy Webshell</a> </li> <li class="mb-0"><a href="/services/ipge">IP Geolocation</a> </li> <li class="mb-0"><a href="/services/ws">Web Application Security</a> </li> </ul> <ul ng-hide="currentProduct!=='4'" class="services-list"> <li class="mb-0"><a href="/services/botnet">Anti-Botnet</a> </li> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/csd">Credential Stuffing Defense</a> </li> <li class="mb-0"><a href="/services/ips">Intrusion Protection</a> </li> <li class="mb-0"><a href="/services/ipge">IP Geolocation</a> </li> <li class="mb-0"><a href="/services/ws">Web Application Security</a> </li> <li class="mb-0"><a href="/services/wf">Web Filtering</a> </li> </ul> <ul ng-hide="currentProduct!=='5'" class="services-list"> <li class="mb-0"><a href="/services/ipge">IP Geolocation</a> </li> </ul> <ul ng-hide="currentProduct!=='6'" class="services-list"> <li class="mb-0"><a href="/services/botnet">Anti-Botnet</a> </li> <li class="mb-0"><a href="/services/dlp">Data Loss Prevention</a> </li> <li class="mb-0"><a href="/services/ipge">IP Geolocation</a> </li> <li class="mb-0"><a href="/services/cloud-vulnerability-and-threat-detection">Vulnerability</a> </li> </ul> <ul ng-hide="currentProduct!=='7'" class="services-list"> <li class="mb-0"><a href="/services/botnet">Anti-Botnet</a> </li> </ul> <ul ng-hide="currentProduct!=='8'" class="services-list"> <li class="mb-0"><a href="/services/arae">Anti-Recon and Anti-Exploit</a> </li> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/ips">Intrusion Protection</a> </li> <li class="mb-0"><a href="/services/odcs">Outbreak Deception</a> </li> </ul> <ul ng-hide="currentProduct!=='9'" class="services-list"> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/fedr">EndPoint Detection and Response</a> </li> <li class="mb-0"><a href="/services/ev">Endpoint Vulnerability</a> </li> <li class="mb-0"><a href="/services/ioc">Indicators of Compromise</a> </li> <li class="mb-0"><a href="/services/wf">Web Filtering</a> </li> </ul> <ul ng-hide="currentProduct!=='10'" class="services-list"> <li class="mb-0"><a href="/services/antispam">AntiSpam</a> </li> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/wf">Web Filtering</a> </li> </ul> <ul ng-hide="currentProduct!=='11'" class="services-list"> <li class="mb-0"><a href="/services/fortindr">Network Detection and Response</a> </li> </ul> <ul ng-hide="currentProduct!=='12'" class="services-list"> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/dlp">Data Loss Prevention</a> </li> </ul> <ul ng-hide="currentProduct!=='13'" class="services-list"> <li class="mb-0"><a href="/services/botnet">Anti-Botnet</a> </li> <li class="mb-0"><a href="/services/appcontrol">Application Control</a> </li> </ul> <ul ng-hide="currentProduct!=='14'" class="services-list"> <li class="mb-0"><a href="/services/botnet">Anti-Botnet</a> </li> <li class="mb-0"><a href="/services/appcontrol">Application Control</a> </li> <li class="mb-0"><a href="/services/operational-technology-security-service">Industrial Security</a> </li> </ul> <ul ng-hide="currentProduct!=='15'" class="services-list"> <li class="mb-0"><a href="https://www.fortinet.com/products/fortirecon">Digital Risk Protection</a> </li> </ul> <ul ng-hide="currentProduct!=='16'" class="services-list"> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/ips">Intrusion Protection</a> </li> <li class="mb-0"><a href="/services/sandbox">Sandbox Behavior Engine</a> </li> <li class="mb-0"><a href="/services/wf">Web Filtering</a> </li> </ul> <ul ng-hide="currentProduct!=='17'" class="services-list"> <li class="mb-0"><a href="/services/botnet">Anti-Botnet</a> </li> <li class="mb-0"><a href="/services/antivirus">AntiVirus</a> </li> <li class="mb-0"><a href="/services/appcontrol">Application Control</a> </li> <li class="mb-0"><a href="/services/dlp">Data Loss Prevention</a> </li> <li class="mb-0"><a href="/services/ev">Endpoint Vulnerability</a> </li> <li class="mb-0"><a href="/services/ips">Intrusion Protection</a> </li> <li class="mb-0"><a href="/services/sdns">Secure DNS</a> </li> <li class="mb-0"><a href="/services/wf">Web Filtering</a> </li> </ul> <ul ng-hide="currentProduct!=='18'" class="services-list"> <li class="mb-0"><a href="/services/ioc">Indicators of Compromise</a> </li> <li class="mb-0"><a href="/services/ipge">IP Geolocation</a> </li> <li class="mb-0"><a href="/services/fortisiem">Outbreak Detection</a> </li> </ul> <ul ng-hide="currentProduct!=='19'" class="services-list"> <li class="mb-0"><a href="/services/breach-attack-simulation">Breach Attack Simulation</a> </li> </ul> <ul ng-hide="currentProduct!=='20'" class="services-list"> <li class="mb-0"><a href="/services/dynamic-application-security-testing">Dynamic Application Security Testing</a> </li> </ul> <ul ng-hide="currentProduct!=='21'" class="services-list"> <li class="mb-0"><a href="/services/cloud-vulnerability-and-threat-detection">Cloud Threat Detection</a> </li> <li class="mb-0"><a href="/services/cloud-vulnerability-and-threat-detection">Cloud Vulnerability</a> </li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> </li> <li role="menuitem"> <a aria-haspopup="true" aria-expanded="false" class="main-menu" tabindex="0" id="heading-threats-item">Threat Intelligence</a> <div class="header-hover sm single header-hover-threats"> <div class="menu-panel dropdown-threats"> <div class="container-xxl h-100 dropdown-menu-wrapper"> <div class="row h-100"> <div class="col-xl-3 col-lg-2 pt-4 pe-0 services-category-wrapper"> <h2 class="text-start">Threat Intelligence<br> Center</h2> </div> <div class="col-xl-7 col-lg-8 pt-4 ps-4" role="region" aria-labelledby="heading-threats-item"> <div class="row"> <div class="col-md-5 position-relative"> <div class="description text-start mb-3"> <span> Browse the FortiGuard Labs extensive encyclopedia and Threat Analytics. </span> </div> <ul class="w-100"> <li class="border-start border-3"><a href="/appcontrol" >Application Control</a></li> <li class="border-start border-3"><a href="/threat-research" >Threat Analytics</a></li> <li class="border-start border-3"><a href="/encyclopedia" >Threat Encyclopedia</a></li> <li class="border-start border-3"><a href="/threat-map" >Threat Map</a></li> <li class="border-start border-3"><a href="/webfilter" >Web Filtering</a></li> </ul> </div> </div> <div class="col-md-6"></div> </div> </div> </div> </div> </div> </li> <li role="menuitem"> <a aria-haspopup="true" aria-expanded="false" class="main-menu" tabindex="0" id="heading-resources-item">Resources</a> <div class="header-hover md header-hover-resources"> <div class="menu-panel dropdown-resources"> <div class="container-xxl h-100 dropdown-menu-wrapper"> <div class="row h-100"> <div class="col-xl-3 col-lg-2 pt-4 pe-0 services-category-wrapper"> <h2 class="text-start">Resource Center</h2> </div> <div class="col-xl-7 col-lg-8 pt-4 ps-4"> <div class="row"> <div class="col-md-5 position-relative" role="region" aria-labelledby="heading-resources-item"> <div class="description text-start mb-3"> <span> Learn about service status, publications and other available resources. </span> </div> <ul class="w-100"> <li class="border-start border-3"><a href="/sample-files" >FortiGuard Sample Files</a></li> <li class="border-start border-3"><a href="/mitre-mapping" >MITRE ATT&CK Matrix</a></li> <li class="border-start border-3"><a href="/nist-csf" >NIST Cybersecurity Framework</a></li> <li class="border-start border-3"><a href="/events" >Publications</a></li> <li class="border-start border-3"><a href="/security-best-practices" >Security Best Practices</a></li> </ul> </div> <div class="col-md-5"></div> </div> </div> </div> </div> </div> </div> </li> <li class="menu-last" role="menuitem"> <a aria-haspopup="true" aria-expanded="false" class="main-menu" tabindex="0" id="heading-about-item">About</a> <div class="header-hover sm single header-hover-about"> <div class="menu-panel dropdown-aboutus"> <div class="container-xxl h-100 dropdown-menu-wrapper"> <div class="row h-100"> <div class="col-xl-3 col-lg-2 pt-4 pe-0 services-category-wrapper"> <h2 class="text-start">About</h2> <h3 ng-click="isAboutUs=true" class="aboutus-fortiguard" ng-class="isAboutUs?'active':''">FortiGuard Labs</h3> <h3 ng-click="isAboutUs=false" class="aboutus-partners" ng-class="isAboutUs?'':'active'">Partners</h3> </div> <div class="col-xl-7 col-lg-8 pt-4 ps-4" role="region" aria-labelledby="heading-news-item"> <div class="row"> <div ng-hide="!isAboutUs" class="col-md-5 position-relative"> <div class="description text-start mb-3"> <span>AI-Powered Threat Intelligence for an Evolving Digital World.</span> </div> <ul class="w-100"> <li class="border-start border-3"><a href="/contactus" >Contact Us</a></li> <li class="border-start border-3"><a href="/premium-services" >Premium Services</a></li> <li class="border-start border-3"><a href="/rss-feeds" >RSS Feeds</a></li> </ul> </div> <div ng-hide="isAboutUs" class="col-md-5 position-relative"> <div class="description text-start mb-3"> <span>Leveraging cyber security industry partner relationships.</span> </div> <ul class="w-100"> <li class="border-start border-3"><a href="/cta" >Cyber Threat Alliance</a></li> <li class="border-start border-3"><a href="https://www.fortinet.com/corporate/about-us/product-certifications/mitre-att-ck" target = _blank >MITRE Engenuity</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </li> </ul> </div> <div class="col-xl-2 col-lg-3"> <ul class="float-end"> <li class="fortinet-item"> <a href="https://www.fortinet.com" target="_blank"> </a> </li> </ul> </div> </div> </div> </nav> <nav class="navbar navbar-expand-xl navbar-light d-block d-xl-none mobile-nav" aria-label="mobile navigation menu"> <div class="container-fluid p-0"> <button class="navbar-toggler ms-3 collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNavDropdownMain" aria-controls="navbarNavDropdownMain" aria-expanded="false" aria-label="Toggle navigation"> <span></span> <span></span> <span></span> </button> <a class="navbar-brand" href="/"> <img src="https://filestore.fortinet.com/fortiguard/static/images/fortiguard-logo-dark-theme.svg?v=32538" alt="fortiguard-logo" loading="lazy"> </a> <img id="mobile_global_header_search_btn" src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=32538" alt="search" class="me-3" width="25px"> <div class="collapse navbar-collapse" id="navbarNavDropdownMain"><ul class="navbar-nav"> <li class="nav-item"> <a class="nav-link dropdown-toggle" href="#" id="navbarScrollingDropdownNews" role="button" data-bs-toggle="dropdown" aria-expanded="false"> News / Research</a> <ul class="dropdown-menu" aria-labelledby="navbarScrollingDropdownNews"> <li class=""><a href="/psirt" class=dropdown-item>Advisories</a></li> <li class=""><a href="/outbreak-alert" class=dropdown-item>Outbreak Alerts</a></li> <li class=""><a href="https://www.fortinet.com/blog/psirt-blogs" target = _blank class=dropdown-item>PSIRT Blog</a></li> <li class=""><a href="/faq/psirt-contact" class=dropdown-item>PSIRT Contact</a></li> <li class=""><a href="https://www.fortinet.com/blog/threat-research.html" target = _blank class=dropdown-item>Security Blog</a></li> <li class=""><a href="/psirt_policy" class=dropdown-item>Security Vulnerability Policy</a></li> <li class=""><a href="/threat-signal-report" class=dropdown-item>Threat Signal</a></li> </ul> </li> <li class="nav-item"> <a class="nav-link dropdown-toggle" href="#" id="navbarScrollingDropdownServices" role="button" data-bs-toggle="dropdown" aria-expanded="false">Services</a> <ul class="dropdown-menu" aria-labelledby="navbarScrollingDropdownServices"> <li class=""><a href="/services/botnet" class=dropdown-item>Anti-Botnet</a></li> <li class=""><a href="/services/arae" class=dropdown-item>Anti-Recon and Anti-Exploit</a></li> <li class=""><a href="/services/arae" class=dropdown-item>Anti-Recon and Anti-Exploit</a></li> <li class=""><a href="/services/antispam" class=dropdown-item>AntiSpam</a></li> <li class=""><a href="/services/antivirus" class=dropdown-item>AntiVirus</a></li> <li class=""><a href="/services/appcontrol" class=dropdown-item>Application Control</a></li> <li class=""><a href="https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/assess" target = _blank class=dropdown-item>Assessment Services</a></li> <li class=""><a href="/services/cloud-vulnerability-and-threat-detection" class=dropdown-item>Cloud Threat Detection</a></li> <li class=""><a href="/services/cloud-vulnerability-and-threat-detection" class=dropdown-item>Cloud Vulnerability</a></li> <li class=""><a href="/services/dynamic-application-security-testing" class=dropdown-item>Dynamic Application Security Testing</a></li> <li class=""><a href="/services/fedr" class=dropdown-item>Endpoint Detection & Response</a></li> <li class=""><a href="https://www.fortinet.com/products/fortixdr" target = _blank class=dropdown-item>Endpoint Detection and Response</a></li> <li class=""><a href="https://www.fortinet.com/products/endpoint-security/forticlient#support-services" target = _blank class=dropdown-item>Endpoint Forensics</a></li> <li class=""><a href="/services/ev" class=dropdown-item>Endpoint Vulnerability</a></li> <li class=""><a href="/services/ev" class=dropdown-item>Endpoint Vulnerability</a></li> <li class=""><a href="/services/breach-attack-simulation" class=dropdown-item>FortiTester</a></li> <li class=""><a href="https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/respond" target = _blank class=dropdown-item>Incident Response</a></li> <li class=""><a href="/services/ioc" class=dropdown-item>Indicators of Compromise</a></li> <li class=""><a href="/updates/casb" class=dropdown-item>Inline-CASB Application Definitions</a></li> <li class=""><a href="/services/ips" class=dropdown-item>Intrusion Protection</a></li> <li class=""><a href="/services/dds" class=dropdown-item>IoT Detection</a></li> <li class=""><a href="https://www.fortinet.com/training/cybersecurity-professionals" target = _blank class=dropdown-item>NSE Training</a></li> <li class=""><a href="/services/operational-technology-security-service" class=dropdown-item>Operational Technology Security</a></li> <li class=""><a href="/services/odcs" class=dropdown-item>Outbreak Deception</a></li> <li class=""><a href="/services/outbreak-detection-service" class=dropdown-item>Outbreak Detection</a></li> <li class=""><a href="/services/pentesting" class=dropdown-item>Pen Testing</a></li> <li class=""><a href="https://www.fortinet.com/products/fortirecon" target = _blank class=dropdown-item>Recon: ACI</a></li> <li class=""><a href="https://www.fortinet.com/products/fortirecon" target = _blank class=dropdown-item>Recon: BP</a></li> <li class=""><a href="https://www.fortinet.com/products/fortirecon" target = _blank class=dropdown-item>Recon: EASM</a></li> <li class=""><a href="/services/sandbox" class=dropdown-item>Sandbox Behavior Engine</a></li> <li class=""><a href="https://www.fortinet.com/training/security-awareness-training" target = _blank class=dropdown-item>Security Awareness Training</a></li> <li class=""><a href="/services/secr" class=dropdown-item>Security Rating</a></li> <li class=""><a href="/services/security-automation-service" class=dropdown-item>SOC Automation</a></li> <li class=""><a href="/services/ws" class=dropdown-item>Web Application Security</a></li> <li class=""><a href="/services/wf" class=dropdown-item>Web Filtering</a></li> </ul> </li> <li class="nav-item"> <a class="nav-link dropdown-toggle" href="#" id="navbarScrollingDropdownThreatLookup" role="button" data-bs-toggle="dropdown" aria-expanded="false">Threat Lookup</a> <ul class="dropdown-menu" aria-labelledby="navbarScrollingDropdownThreatLookup"> <li class=""><a href="/appcontrol" class=dropdown-item>Application Control</a></li> <li class=""><a href="/threat-research" class=dropdown-item>Threat Analytics</a></li> <li class=""><a href="/encyclopedia" class=dropdown-item>Threat Encyclopedia</a></li> <li class=""><a href="/threat-map" class=dropdown-item>Threat Map</a></li> <li class=""><a href="/webfilter" class=dropdown-item>Web Filtering</a></li> </ul> </li> <li class="nav-item"> <a class="nav-link dropdown-toggle" href="#" id="navbarScrollingDropdownResources" role="button" data-bs-toggle="dropdown" aria-expanded="false">Resources</a> <ul class="dropdown-menu" aria-labelledby="navbarScrollingDropdownResources"> <li class=""><a href="/sample-files" class=dropdown-item>FortiGuard Sample Files</a></li> <li class=""><a href="/mitre-mapping" class=dropdown-item>MITRE ATT&CK Matrix</a></li> <li class=""><a href="/nist-csf" class=dropdown-item>NIST Cybersecurity Framework</a></li> <li class=""><a href="/events" class=dropdown-item>Publications</a></li> <li class=""><a href="/security-best-practices" class=dropdown-item>Security Best Practices</a></li> </ul> </li> <li class="nav-item"> <a class="nav-link dropdown-toggle" href="#" id="navbarScrollingDropdownAbout" role="button" data-bs-toggle="dropdown" aria-expanded="false">About</a> <ul class="dropdown-menu" aria-labelledby="navbarScrollingDropdownAbout"> <li class=""><a href="/contactus" class=dropdown-item>Contact Us</a></li> <li class=""><a href="/cta" class=dropdown-item>Cyber Threat Alliance</a></li> <li class=""><a href="https://www.fortinet.com/corporate/about-us/product-certifications/mitre-att-ck" target = _blank class=dropdown-item>MITRE Engenuity</a></li> <li class=""><a href="/premium-services" class=dropdown-item>Premium Services</a></li> <li class=""><a href="/rss-feeds" class=dropdown-item>RSS Feeds</a></li> </ul> </li> </li> <li class="nav-item"><a href="https://fortinet.com">FORTINET</a></li> </ul></div> </div> </nav> <div class="mobile-search-bar d-xl-none d-none"> <form action="/search" method="get" class="mobile-search-form col-12 "> <div class="input-group"> <select class="form-select" name="engine" > <option value="1" > Normal </option> <option value="2" > Exact Match </option> <option value="3" > CVE </option> <option value="4" > ID </option> <option value="6" > PSIRT </option> <option value="8" > Antispam </option> <option value="9" > Outbreak Alert </option> <option value="7" > IP/Domain/URL </option> </select> <input id="search_field_header" type="text" class="form-control" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="" /> <button class="btn btn-sm btn-outline-secondary" type="submit"> <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=32538" alt="search"> </button> </div> </form> </div> </div> </header><main> <div class="page-content"> <div class="page-section "> <div class=" "> <div class="container-xxl"> <div class="row"> <div class="col-md-12"> </div> </div> </div> <div id="full-page" class="col-md-12"> <section class="intro" style="background: linear-gradient(rgba(0,0,0,.5), rgba(0,0,0,.5)), url('https://filestore.fortinet.com/fortiguard/static/images/services/psirt.jpg?v=32538') no-repeat left 0px top 0px;" > <div class="container-xxl"> <div class="row"> <div class="col-xxl-7 col-xl-8 col-lg-8 col-md-12"> <div class="mb-2"> <a href="/psirt"> <h2><img class="me-2" src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/psirt.svg?v=32538" width="35" class="pull-left" alt="virus logo" loading="lazy"/> PSIRT</h2> </a> </div> <h1 class="title" style="word-break: unset !important;">Authentication bypass in administrative interface</h1> </div> </div> </div> </section> <section class="content"> <div class="container-xxl"> <div class="row"> <div class="col-lg-9 order-lg-1 order-sm-2 order-2"> <div lang="en" class="detail-item"> <h3>Summary</h3> <p>An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.<br />## Exploitation Status:<br />Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device's logs:<br /><code>user=Local_Process_Access</code><br />Please contact customer support for assistance.<br />## UPDATE:<br />Fortinet is aware of instances where this vulnerability was exploited to download the config file from the targeted devices, and to add a malicious super_admin account called 'fortigate-tech-support':<br /><code><br/># show system admin<br/>edit fortigate-tech-support<br/>set accprofile super_admin<br/>set vdom root<br/>set password ENC [...]<br/>next<br/></code><br />Please contact customer support for assistance.<br />## Workaround:<br />## FortiOS:<br />Disable HTTP/HTTPS administrative interface<br />OR<br />Limit IP addresses that can reach the administrative interface:<br /><code><br/>config firewall address<br/>edit my_allowed_addresses<br/>set subnet <MY IP> <MY SUBNET><br/>end<br/></code><br />Then create an Address Group:<br /><code><br/>config firewall addrgrp<br/>edit MGMT_IPs<br/>set member my_allowed_addresses<br/>end<br/></code><br />Create the Local in Policy to restrict access only to the predefined group on management interface (here: port1):<br /><code><br/>config firewall local-in-policy<br/>edit 1<br/>set intf port1<br/>set srcaddr MGMT_IPs<br/>set dstaddr all<br/><br/>set action accept<br/>set service HTTPS HTTP<br/>set schedule always<br/><br/>set status enable<br/>next<br/><br/>edit 2<br/>set intf any<br/>set srcaddr all<br/>set dstaddr all<br/>set action deny<br/>set service HTTPS HTTP<br/>set schedule always<br/>set status enable<br/>end<br/></code><br />If using non default ports, create appropriate service object for GUI administrative access:<br /><code><br/>config firewall service custom<br/>edit GUI_HTTPS<br/>set tcp-portrange admin-sport<br/>next<br/><br/>edit GUI_HTTP<br/><br/>set tcp-portrange admin-port<br/>end<br/></code><br />Use these objects instead of 'HTTPS HTTP' in the local-in policy 1 and 2 below.<br />UPDATE: When using an HA reserved management interface, the local in policy needs to be configured slightly differently - please see: <br /><a rel="nofollow noopener noreferrer" target="_blank" href="https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-a-local-in-policy-on-a-HA/ta-p/222005">https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-a-local-in-policy-on-a-HA/ta-p/222005</a><br /><a rel="nofollow noopener noreferrer" target="_blank" href="https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-a-local-in-policy-on-a-HA/ta-p/222005">https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-a-local-in-policy-on-a-HA/ta-p/222005</a><br />Please contact customer support for assistance.<br />## FortiProxy:<br />Disable HTTP/HTTPS administrative interface<br />OR<br />For FortiProxy VM all versions or FortiProxy appliance 7.0.6:<br />Limit IP addresses that can reach the administrative interface (here: port1):<br /><code><br/>config system interface<br/>edit port1<br/>set dedicated-to management<br/>set trust-ip-1 &lt;MY IP&gt; &lt;MY SUBNET<br/>end<br/></code><br />Please contact customer support for assistance.<br />## FortiSwitchManager:<br />DIsable HTTP/HTTPS administrative interface<br />Please contact customer support for assistance.<br /></p> </div> <div lang="en" class="detail-item"> <h3>Affected Products</h3> <p>FortiOS versions 5.x, 6.x are NOT impacted.<br/>FortiOS version 7.2.0 through 7.2.1<br/>FortiOS version 7.0.0 through 7.0.6<br/>FortiProxy version 7.2.0<br/>FortiProxy version 7.0.0 through 7.0.6<br/>FortiSwitchManager version 7.2.0<br/>FortiSwitchManager version 7.0.0<br/></p> </div> <div lang="en" class="detail-item"> <h3>Solutions</h3> <p>Please upgrade to FortiOS version 7.2.2 or above<br/>Please upgrade to FortiOS version 7.0.7 or above<br/>Please upgrade to FortiProxy version 7.2.1 or above<br/>Please upgrade to FortiProxy version 7.0.7 or above<br/>Please upgrade to FortiSwitchManager version 7.2.1 or above<br/>Please upgrade to FortiSwitchManager version 7.0.1 or above<br />Please upgrade to FortiOS version 7.0.5 B8001 or above for <b>FG6000F and 7000E/F</b><br/> series platforms<br/></p> </div> </div> <div class="col-lg-3 order-lg-2 order-sm-1 order-1"> <div class="sidebar"> <table lang="en" class="table table-responsive table-borderless meta"> <tr> <td>IR Number</td> <td>FG-IR-22-377</td> </tr> <tr> <td>Published Date</td> <td>Oct 10, 2022</td> </tr> <tr> <td>Component</td> <td>GUI</td> </tr> <tr> <td>Severity</td> <td> <i class="fa fa-exclamation-triangle" style="color:#dc3545;font-size:15px; vertical-align: middle;" aria-hidden="true"></i> Critical </td> </tr> <tr> <td>CVSSv3 Score</td> <td><a target="_blank" href=" https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C&version=3.1">9.6</a> </td> </tr> <tr> <td>Impact</td> <td>Execute unauthorized code or commands</td> </tr> <tr> <td>CVE ID</td> <td> <a class="link" href="https://www.cve.org/CVERecord?id=CVE-2022-40684" rel="nofollow noopener noreferrer" target="_blank">CVE-2022-40684</a> </td> </tr> <tr> <td>CVRF</td> <td><a href="/psirt/cvrf/FG-IR-22-377">Download</a> </td> </tr> <tr> <td>Language</td> <td> <select id="language_select" class="form-control input-sm"> <option value="en">English</option> <option value="pt" >Portuguese</option> </select> </td> </tr> </table> </div> </div> </div> </div> </section> </div> </div> </div> </div> </main> <footer> <div class=container-xxl> <div class="row"> <div class="col-md-4"> <p class="footer-logo"><a href="https://www.fortinet.com" target="_blank"> <img src="https://filestore.fortinet.com/fortiguard/static/images/fortinet-footer-logo.svg?v=32538" alt="fortinet logo in the footer" loading="lazy"/> </a></p> </div> <div class="col-md-5"> <div class="bottom-nav"> <ul role="list" aria aria-label="list of links namely contact us, Legal, Privacy, faq, partners, feedback "> <li class="contact" role="listitem"> <a href="/contactus">Contact Us</a> </li> <li class="legal" role="listitem"> <a href="https://www.fortinet.com/corporate/about-us/legal.html" target="_blank">Legal</a> </li> <li class="privacy" role="listitem"> <a href="https://www.fortinet.com/corporate/about-us/privacy.html" target="_blank">Privacy</a> </li> <li class="partners" role="listitem"> <a href="/partners">Partners</a> </li> <li class="feedback" role="listitem"> <a href="/faq/general-contact">Feedback</a> </li> <!-- <li class="language"><a href="#">Language: EN</a> <div class="footer-hover lang-selector"> English </div> </li> --> </ul> </div> </div> <div class="col-md-3"> <ul class="social"> <li><a href="https://www.facebook.com/FortiGuard.Labs" target="_blank"><img src="https://filestore.fortinet.com/fortiguard/static/images/facebook_icon_footer.svg?v=32538" alt="facebook-icon-footer" loading="lazy"/></a></li> <li><a href="https://x.com/FortiGuardLabs" target="_blank"><img src="https://filestore.fortinet.com/fortiguard/static/images/x_icon_footer.svg?v=32538" alt="twitter-icon-footer" style="width:25px !important;" loading="lazy"/></a></li> <li><a href="https://www.linkedin.com/showcase/3668640/" target="_blank"><img src="https://filestore.fortinet.com/fortiguard/static/images/linkedin_icon_footer.svg?v=32538" alt="linkedin-icon-footer" loading="lazy"/></a></li> <li><a href="https://www.instagram.com/fortinet/" target="_blank"><img src="https://filestore.fortinet.com/fortiguard/static/images/instagram_icon_footer.svg?v=32538" alt="linkedin-icon-footer" loading="lazy"/></a></li> <li><a href="/rss-feeds"><img src="https://filestore.fortinet.com/fortiguard/static/images/rss_icon_footer.svg?v=32538" alt="rss-icon-footer" loading="lazy"/></a></li> </ul> </div> </div> <div class="row"> <div class="col-md-12"> <p>Copyright 漏 2024 Fortinet, Inc. All Rights Reserved.</p> </div> </div> </div> </footer> <script src="https://filestore.fortinet.com/fortiguard/static/scripts/vendor.min.js?v=32538"></script> <script rel="prefetch" as="script" src="https://filestore.fortinet.com/fortiguard/static/scripts/app.min.js?v=32538"></script> <script rel="prefetch" as="script" src="https://filestore.fortinet.com/fortiguard/static/scripts/script.min.js?v=32538"></script> <script rel="prefetch" as="script" src="https://filestore.fortinet.com/fortiguard/static/scripts/bundle.min.js?v=32538"></script> <script src="https://filestore.fortinet.com/fortiguard/static/vendor/jquery.cookie.min.js?v=32538"></script> <script> $('#language_select').change(function () { let lang_code = $(this).val() $.cookie('lang_code_cookie', lang_code, {path: '/'}); console.log(lang_code) if (lang_code == 'en') { window.location.href = "/psirt/" + "FG-IR-22-377"; } else { window.location.href = "/" + lang_code + "/psirt" + "/" + "FG-IR-22-377"; } }); </script> <script src="https://filestore.fortinet.com/scripts/privacy-v2.min.js?c=54708845" async></script> </body> </html>