Pierluigi Paganini October 10, 2022

Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild.

Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies.

An attacker can exploit the vulnerability to log into vulnerable devices.

“An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests,” reads the advisory issued by the company PSIRT.

The company urges customers of addressing this critical vulnerability immediately due to the risk of remote exploitation of the flaw.

The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0 are also impacted.

The cybersecurity firm addressed the flaw with the release of FortiOS/FortiProxy versions 7.0.7 or 7.2.2. The company also provided a workaround for those who can’t immediately deploy security updates.

Customers that are not able to upgrade their systems should Disable HTTP/HTTPS administrative interface or Limit IP addresses that can reach it.

Today the company confirmed today the critical authentication bypass vulnerability is being exploited in the wild.

“Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device’s logs: user=”Local_Process_Access”” continues the advisory.

Security researchers at the Horizon3 Attack Team have developed a proof-of-concept (PoC) exploit code and plan to release it later this week.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Fortinet)

[adrotate banner=”5″]

[adrotate banner=”13″]