Critical Fortinet Vulnerability Ahead
Fortinet has contacted[1] its customers, urging them to update as soon as possible to the latest version of their firewalls (FortiGate) and proxies (FortiProxy) to fix a critical vulnerability. Assigned CVE-2022-40684, it is related to an authentication bypass on the administrative interface.
Affected products are:
- FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
- FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0
If you can't upgrade now, a good recommendation is to block access from unknown IP addresses to the affected products.
As usual, this notification arrives just before the weekend. If you have Fortinet products managed by a third party, we also recommend that you cross-check with them to ensure the upgrade will be performed.
[1] https://twitter.com/Gi7w0rm/status/1578299492822003712
Xavier Mertens (@xme)
Xameco
Senior ISC Handler - Freelance Cyber Security Consultant