On October 10, 2022, Fortinet, Inc. released a new advisory for CVE-2022-40684, which affects the FortiOS, FortiProxy and FortiSwitchManager products.
Each of these products is vulnerable to an authentication bypass. This vulnerability could allow an attacker to perform unauthenticated actions on the target system. These actions include, but are not limited to:
- Modifying admin user SSH keys
- Adding new local users
- Updating network configurations to reroute traffic
- Initiating packet captures to capture sensitive information
Public exploit code is now starting to appear.
Affected Products
- FortiOS version 7.2.0 through 7.2.1
- FortiOS version 7.0.0 through 7.0.6
- FortiProxy version 7.2.0
- FortiProxy version 7.0.0 through 7.0.6
- FortiSwitchManager version 7.2.0
- FortiSwitchManager version 7.0.0
Solutions
- Upgrade to FortiOS version 7.2.2 or above
- Upgrade to FortiOS version 7.0.7 or above
- Upgrade to FortiProxy version 7.2.1 or above
- Upgrade to FortiProxy version 7.0.7 or above
- Upgrade to FortiSwitchManager version 7.2.1 or above
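As an added example that is not part of the advisory, the following Python check compares version strings from an asset inventory against the affected ranges and fixed releases listed above and reports what to upgrade to. The hostnames and build strings in the sample inventory are constructed for the demonstration.

```python
from typing import Optional, Tuple

# Rows: (product, lowest affected, highest affected, first fixed release), copied from the
# Affected Products / Solutions lists above. FortiSwitchManager 7.0.0 has no 7.0.x fix
# listed there; the only fix named for that product is 7.2.1, so that is what is used.
AFFECTED = [
    ("FortiOS", (7, 2, 0), (7, 2, 1), (7, 2, 2)),
    ("FortiOS", (7, 0, 0), (7, 0, 6), (7, 0, 7)),
    ("FortiProxy", (7, 2, 0), (7, 2, 0), (7, 2, 1)),
    ("FortiProxy", (7, 0, 0), (7, 0, 6), (7, 0, 7)),
    ("FortiSwitchManager", (7, 2, 0), (7, 2, 0), (7, 2, 1)),
    ("FortiSwitchManager", (7, 0, 0), (7, 0, 0), (7, 2, 1)),
]

def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn 'v7.0.6' or '7.0.6,build0366' into a comparable (major, minor, patch) tuple."""
    core = text.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])

def check(product: str, version_text: str) -> Optional[Tuple[int, int, int]]:
    """Return the release to upgrade to if (product, version) falls in an affected
    range, or None if that version is not listed as affected."""
    version = parse_version(version_text)
    for name, low, high, fixed in AFFECTED:
        if name.lower() == product.lower() and low <= version <= high:
            return fixed
    return None

def report(inventory) -> list:
    """One verdict line per (hostname, product, version) record from an asset inventory."""
    out = []
    for host, product, version_text in inventory:
        fixed = check(product, version_text)
        verdict = ("not in an affected range" if fixed is None
                   else "AFFECTED, upgrade to %d.%d.%d or above" % fixed)
        out.append(f"{host}: {product} {version_text} {verdict}")
    return out

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and build strings are made up for the demo.
    sample = [("fw-edge-1", "FortiOS", "v7.0.6,build0366"), ("fw-edge-2", "FortiOS", "7.2.2"),
              ("proxy-1", "FortiProxy", "7.2.0"), ("fsm-1", "FortiSwitchManager", "7.0.0"),
              ("fw-lab", "FortiOS", "6.4.9")]
    for line in report(sample):
        print(line)
```

The check only covers the ranges this advisory names; a version outside them (such as 6.4.x) is reported as not listed, not as confirmed safe.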
Read more in:
- www.fortiguard.com: FortiOS / FortiProxy / FortiSwitchManager – Authentication bypass on administrative interface
- docs.fortinet.com: FortiOS Release Notes for FortiOS 7.2.2 build 1255
- www.darkreading.com: Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln
- www.bleepingcomputer.com: Fortinet says critical auth bypass bug is exploited in attacks
Ongoing penetration testing and vulnerability management can alert you when vulnerabilities of this type are present in your environment. nGuard account executives are standing by to discuss solutions that elevate the overall security posture of your organization and ensure you are ready to handle vulnerabilities such as the ones described above.