Firewall maker Fortinet is warning its customers about a vulnerability in FortiOS and FortiProxy that could be exploited remotely. Anyone who cannot import the provided updates should also restrict access to the admin interface.
Authentication can be bypassed
Fortinet firewalls and proxies hide a serious security bug that remote attackers can exploit. The vulnerability provided with CVE-ID CVE-2022-40684 allows authentication to be bypassed on the admin interface of affected products. Specially crafted HTTP(S) requests can be used to perform tasks that are actually reserved for the administrator. Fortinet classifies the vulnerability as critical and assigns a CVSS score of 9.6/10.
like an internet storm center in your warning message Writes, Fortinet previously alerted its customers to a security gap in a message classified as confidential — but the advice quickly ended up on the social network.
According to Fortinet, not all versions of FortiOS and FortiProxy are affected. FortiOS is vulnerable between versions 7.0.0 and 7.0.6 and 7.2.0 and 7.2.1, as is FortiProxy between 7.0.0 and 7.0.6 and versions 7.2.0. Older versions do not have the vulnerability.
Fortinet usually releases monthly updates as part of Patch Day. Fortinet fixed several security vulnerabilities in July.
However, those who administer a Fortinet product should not wait for October Patch Day. The vulnerability has been fixed in FortiOS 7.0.7, 7.2.2, FortiProxy 7.0.7 and 7.2.1 and all newer versions. If an update isn’t possible at short notice, administrators can import a workaround, which Fortinet describes in its Paying Customers support document CSB-221006-1.
Freelance twitter maven. Infuriatingly humble coffee aficionado. Amateur gamer. Typical beer fan. Avid music scholar. Alcohol nerd.