Critical Fortinet Vulnerability Ahead

Published: 2022-10-07
Last Updated: 2022-10-07 14:34:23 UTC
by Xavier Mertens (Version: 1)
0 comment(s)

Fortinet has contacted[1] its customers to update as soon as possible to the latest version of their firewall (Fortigate) and proxies (FortiProxy) to fix a critical vulnerability. Assigned CVE-2022-40684, it is related to an authentication bypass on the administrative interface.

Affected products are:

  • FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
  • FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0

If you can't upgrade now, a good recommendation is to block access from unknown IP addresses to the affected products.

As usual, this notification arises just before the weekend. If you have Fortinet products managed by a 3rd party, we also recommended you to cross-check with them to ensure the upgrade will be performed.

[1] https://twitter.com/Gi7w0rm/status/1578299492822003712

Xavier Mertens (@xme)
Xameco
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key

0 comment(s)

Comments


Diary Archives