nGuard

critical

URGENT | Fortinet Authentication Bypass Vulnerability

On October 10, 2022, Fortinet, Inc. released a new advisory for CVE-2022-40684, which affects the FortiOS, FortiProxy, and FortiSwitchManager products.

Each of these products is vulnerable to an authentication bypass vulnerability. This vulnerability could allow an attacker to perform unauthenticated actions on the target system. These actions include, but are not limited to:

  • Modifying admin user SSH keys
  • Adding new local users
  • Updating network configurations to reroute traffic
  • Initiating packet captures to capture sensitive information

Exploit code is now starting to become publicly available.

Affected Products

  • FortiOS version 7.2.0 through 7.2.1
  • FortiOS version 7.0.0 through 7.0.6
  • FortiProxy version 7.2.0
  • FortiProxy version 7.0.0 through 7.0.6
  • FortiSwitchManager version 7.2.0
  • FortiSwitchManager version 7.0.0

Solutions

  • Upgrade to FortiOS version 7.2.2 or above
  • Upgrade to FortiOS version 7.0.7 or above
  • Upgrade to FortiProxy version 7.2.1 or above
  • Upgrade to FortiProxy version 7.0.7 or above
  • Upgrade to FortiSwitchManager version 7.2.1 or above
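
To triage a device inventory against the affected ranges and fixes listed above, the following Python sketch can be used. It is an added example, not code from nGuard or Fortinet; the inventory format, hostnames and version strings are constructed assumptions, and because this advisory names no 7.0-branch fix for FortiSwitchManager, the example reports the one FortiSwitchManager fix it does name.

```python
import re

# Ranges and fixes as listed in this advisory: (product, first, last, fixed version).
AFFECTED = [
    ("fortios", (7, 2, 0), (7, 2, 1), "7.2.2"),
    ("fortios", (7, 0, 0), (7, 0, 6), "7.0.7"),
    ("fortiproxy", (7, 2, 0), (7, 2, 0), "7.2.1"),
    ("fortiproxy", (7, 0, 0), (7, 0, 6), "7.0.7"),
    ("fortiswitchmanager", (7, 2, 0), (7, 2, 0), "7.2.1"),
    # No 7.0-branch fix is listed for FortiSwitchManager; report the one named fix.
    ("fortiswitchmanager", (7, 0, 0), (7, 0, 0), "7.2.1"),
]

def parse_version(text):
    """Extract (major, minor, patch) from strings like 'v7.0.6 build0366'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())

def check(product, version_text):
    """Return the fixed version if the advisory lists this build as affected, else None."""
    key = product.strip().lower()
    version = parse_version(version_text)
    for name, low, high, fix in AFFECTED:
        if name == key and low <= version <= high:
            return fix
    return None

def triage(inventory):
    """Map hostname -> verdict for an iterable of (hostname, product, version) rows."""
    report = {}
    for host, product, version_text in inventory:
        try:
            fix = check(product, version_text)
        except ValueError:
            report[host] = "UNKNOWN: version not parseable, verify manually"
            continue
        report[host] = f"AFFECTED: upgrade to {fix} or above" if fix else "not listed as affected"
    return report

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = [
    ("fw-edge-01", "FortiOS", "v7.0.6 build0366"),
    ("fw-edge-02", "FortiOS", "7.2.2"),
    ("proxy-01", "FortiProxy", "7.2.0"),
    ("fw-lab-01", "FortiOS", "6.4.10"),
    ("fsm-01", "FortiSwitchManager", "unknown"),
]
```

Calling `triage(SAMPLE)` returns one verdict per host; rows whose version cannot be parsed are flagged for manual verification rather than silently treated as safe.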

Read more in:

  • www.fortiguard.com: FortiOS / FortiProxy / FortiSwitchManager – Authentication bypass on administrative interface
  • docs.fortinet.com: FortiOS Release Notes for FortiOS 7.2.2 build 1255
  • www.darkreading.com: Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln
  • www.bleepingcomputer.com: Fortinet says critical auth bypass bug is exploited in attacks

Ongoing penetration testing and vulnerability management can alert you to these types of vulnerabilities being present in your environment. nGuard account executives are standing by to discuss solutions that elevate the overall security posture of your organization and ensure you are ready to handle vulnerabilities such as the ones described above.
