Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies.
An attacker can exploit the vulnerability to log into vulnerable devices.
“An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests,” reads the advisory issued by the company PSIRT.
The company urges customers of addressing this critical vulnerability immediately due to the risk of remote exploitation of the flaw.
The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0 are also impacted.
The cybersecurity firm addressed the flaw with the release of FortiOS/FortiProxy versions 7.0.7 or 7.2.2. The company also provided a workaround for those who can’t immediately deploy security updates.
Customers that are not able to upgrade their systems should Disable HTTP/HTTPS administrative interface or Limit IP addresses that can reach it.
Today the company confirmed today the critical authentication bypass vulnerability is being exploited in the wild.
“Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device’s logs: user=”Local_Process_Access”” continues the advisory.
Security researchers at the Horizon3 Attack Team have developed a proof-of-concept (PoC) exploit code and plan to release it later this week.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Fortinet)
[adrotate banner=”5″]
[adrotate banner=”13″]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware…
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best…
Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and…
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL…
A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial…
This website uses cookies.