Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Cyber Security

Products You May Like

Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices.

Tracked as CVE-2022-40684, the high-severity flaw relates to an authentication bypass vulnerability that could permit an unauthenticated adversary to perform arbitrary operations on the administrative interface.

CyberSecurity

The issue impacts the following versions, and has been addressed in FortiOS versions 7.0.7 and 7.2.2, and FortiProxy version 7.0.7 released this week –

  • FortiOS – From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
  • FortiProxy – From 7.0.0 to 7.0.6 and 7.2.0

“Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade,” the company cautioned in an alert shared by a security researcher named Gitworm on Twitter.

When reached for a comment, Fortinet acknowledged the advisory and noted that it’s delaying public notice until its customers have applied the fixes.

CyberSecurity

“Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization,” the company said in a statement shared with The Hacker News. “Customer communications often detail the most up-to-date guidance and recommended next steps to best protect and secure their organization.”

“There are instances where confidential advance customer communications can include early warning on advisories to enable customers to further strengthen their security posture, which then will be publicly released in the coming days to a broader audience. The security of our customers is our first priority.”

Products You May Like

Articles You May Like

OpenAI and Anthropic agree to let U.S. AI Safety Institute test and evaluate new models
Amazon checkout process hits technical snag during Labor Day sale
North Korean Hackers Target Developers with Malicious npm Packages
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
Google to relaunch tool for creating AI-generated images of people after pulling service due to inaccuracies

Leave a Reply

Your email address will not be published. Required fields are marked *