

Fortinet Critical Authentication Bypass Vulnerability

Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts:

A new vulnerability which has recently been patched by Fortinet is being exploited in the wild. A critical authentication bypass vulnerability in the administrative interface allows threat actors to log in to FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager remotely.

Read more about the CVE detail here: CVE-2022-40684
The CVSS (Common Vulnerability Scoring System) Severity Score has been rated as: 9.6 (critical)

An advisory notice released by Fortinet gave further information: by using specially crafted HTTP or HTTPS requests, an attacker could perform actions remotely in the administrative interface without authentication. Fortinet recommends immediately validating your systems against the following indicator of compromise in the device's logs: user="Local_Process_Access".

A list of vulnerable products (if left unpatched) can be found below:

  • FortiOS: 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
  • FortiProxy: 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
  • FortiSwitchManager: 7.2.0, 7.0.0

To mitigate this vulnerability, Fortinet has released security patches and recommends that customers update their devices as soon as possible to defend against attacks.

Patched versions are:

  • FortiOS 7.0.7 and above
  • FortiOS 7.2.2 and above
  • FortiProxy 7.0.7 and above
  • FortiProxy 7.2.1 and above
  • FortiSwitchManager 7.2.1 and above

If it is not possible to immediately deploy the security updates, there is also a workaround. Admins should disable the HTTP/HTTPS administrative interface, or limit the IP addresses that can reach the administrative interface using a local-in policy. More information on the workaround can be found in the PSIRT advisory from Fortinet.
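As an added example (not part of DigitalXRAID's post or Fortinet's advisory), the script below puts the two actionable items above into code: it checks a product/version pair against the affected list, and it scans FortiGate-style key=value event log lines for the user="Local_Process_Access" indicator. The log lines are constructed samples in the usual FortiGate format; field names other than user are assumed and only used for reporting.

```python
import re
import shlex

# Indicator of compromise named in the Fortinet advisory.
IOC_USER = "Local_Process_Access"

# Affected builds exactly as listed in the post; anything else is "not listed".
AFFECTED = {
    "FortiOS": {"7.2.1", "7.2.0", "7.0.6", "7.0.5", "7.0.4", "7.0.3", "7.0.2", "7.0.1", "7.0.0"},
    "FortiProxy": {"7.2.0", "7.0.6", "7.0.5", "7.0.4", "7.0.3", "7.0.2", "7.0.1", "7.0.0"},
    "FortiSwitchManager": {"7.2.0", "7.0.0"},
}


def is_affected(product: str, version: str) -> bool:
    """True when the product/version pair appears in the advisory's affected list."""
    return version in AFFECTED.get(product, set())


# FortiGate event logs are space-separated key=value pairs whose values may be
# quoted and may contain spaces, so tokenise with shlex rather than str.split().
_KV = re.compile(r"^([A-Za-z0-9_]+)=(.*)$")


def parse_fortigate_log(line: str) -> dict:
    """Parse one key=value log line into a dict (quotes are stripped by shlex)."""
    fields = {}
    for token in shlex.split(line):
        m = _KV.match(token)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def find_ioc_hits(lines) -> list:
    """Return the parsed events whose user field equals the advisory's IoC."""
    return [ev for ev in map(parse_fortigate_log, lines) if ev.get("user") == IOC_USER]


# Constructed sample log lines: one normal admin login and one matching the IoC.
SAMPLE_LOG = [
    'date=2022-10-10 time=09:14:22 logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="admin" ui="https(192.0.2.10)" method="https" srcip=192.0.2.10 action="login" status="success" msg="Administrator admin logged in successfully from https(192.0.2.10)"',
    'date=2022-10-10 time=09:15:03 logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="Local_Process_Access" ui="https(198.51.100.7)" method="https" srcip=198.51.100.7 action="login" status="success" msg="Administrator Local_Process_Access logged in successfully from https(198.51.100.7)"',
]

if __name__ == "__main__":
    print("FortiOS 7.0.6 affected:", is_affected("FortiOS", "7.0.6"))  # True
    for ev in find_ioc_hits(SAMPLE_LOG):
        print(f"IoC hit at {ev['date']} {ev['time']} from srcip={ev.get('srcip')}")
```

Point the scanner at exported event logs (one line per record) to triage a device that was exposed before patching.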

If you discover that you’ve suffered a breach as a result of this or any other vulnerability, and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us.   

If you need any support in mitigating any risks this vulnerability may pose to your business, please don’t hesitate to get in contact.
