Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

Cyber Security

Products You May Like

Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild.

Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative interface via specially crafted HTTP(S) requests.

“Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device’s logs: user=’Local_Process_Access,'” the company noted in an advisory.

CyberSecurity

The list of impacted devices is below –

  • FortiOS version 7.2.0 through 7.2.1
  • FortiOS version 7.0.0 through 7.0.6
  • FortiProxy version 7.2.0
  • FortiProxy version 7.0.0 through 7.0.6
  • FortiSwitchManager version 7.2.0, and
  • FortiSwitchManager version 7.0.0

Updates have been released by the security company in FortiOS versions 7.0.7 and 7.2.2, FortiProxy versions 7.0.7 and 7.2.1, and FortiSwitchManager version 7.2.1.

CyberSecurity

The disclosure comes days after Fortinet sent “confidential advance customer communications” to its customers, urging them to apply patches to mitigate potential attacks exploiting the flaw.

If updating to the latest version isn’t an option, it’s recommended that users disable the HTTP/HTTPS administrative interface, or alternatively limit IP addresses that can access the administrative interface.

Products You May Like

Articles You May Like

Gravitational Waves Suggest Supercool Phase Transition After the Big Bang, Unveiling New Physics
OnePlus 13 Launch Timeline Leaked; Might Arrive in China as Early as October
WhatsApp Developing Phone Contact Sync Toggle for Linked Devices: Report
Plaud NotePin AI-Powered Wearable Note-Taking Device Launched: Price, Specifications
Vivo X Fold 3 Pro vs OnePlus Open: Which One Should You Get?

Leave a Reply

Your email address will not be published. Required fields are marked *