Fortinet Informs Customers about a Critical Vulnerability

Critical Fortinet Vulnerability
Written by Emma Davis

Fortinet developers have warned administrators to urgently update their FortiGate firewalls, FortiProxy Web Proxy, and FortiSwitch Manager (FSWM) to the latest versions tha fix a critical vulnerability in the company’s products.

Let me remind you that we also wrote that Hackers Attacked Critical Vulnerability in Zyxel Firewalls, and also that Cisco fixed critical vulnerability in Jabber for Windows.

Fortinet’s latest problem is authentication bypass that is attackers already exploit. The vulnerability received the identifier CVE-2022-40684 and is rated at 9.6 points out of 10 possible on the CVSS scale.

Authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy allows an unauthenticated attacker to perform operations on the administrative interface using specially crafted HTTP or HTTPS requests. This is a critical vulnerability and should be fixed as soon as possible.Fortinet says.

The following products are known to be affected by this issue:

  1. FortiOS: versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1;
  2. FortiProxy: versions 7.0.0 to 7.0.6 and 7.2.0;
  3. FortiSwitchManager: Versions 7.0.0 and 7.2.0.

The vulnerability has already been fixed in FortiOS 7.0.7, 7.2.2 and higher, FortiProxy 7.0.7, 7.2.1 and higher, and FortiSwitchManager 7.2.1 or higher.

The company emphasizes that experts are aware of at least one attack using CVE-2022-40684.

Fortinet is aware of this vulnerability being exploited, and the company strongly encourages customers to immediately scan systems against the following indicator of compromise: user=”Local_Process_Access”the company's security bulletin reads.

According to Shodan, there are currently more than 140,000 FortiGate firewalls on the Internet that are likely vulnerable to attack (if their admin interfaces are open to outside access).

Moreover, information security experts from the Horizon3 Attack Team write on Twitter that they have already developed a PoC exploit for a fresh problem and intend to make it public later this week.

Critical Fortinet Vulnerability

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending