Proactive, Responsible Disclosure Is One Crucial Way Fortinet Strengthens Customer Security
The cybersecurity industry continues to grow and mature. As a part of this process, we must collectively raise the topic of—and discuss the need for—ethical rules for handling the disclosure of vulnerabilities, especially given the many benefits of providing such intelligence in protecting customers against cyber adversaries.
FortiGuard Labs Threat Research
CVE-2015-4400 : Backdoorbot, Network Configuration Leak on a Connected Doorbell
Summary In March 2015, a Network Configuration Leak vulnerability was disclosed to Ring as part of FortiGuard's Responsible Disclosure process. The vulnerability existed on their first internet-connected doorbell, Doorbot v1.0 but other posts on the subject show that the vulnerability was ported on newer versions of the connected doorbell as well. The vulnerability had been granted CVE-2015-4400: DoorBot Network Configuration Leak. We have issued an Advisory and IPS signatures (DoorBot.Network.Configuration.Leak) for the same. We...
