
Fortinet has released a security update to address a critical vulnerability (CVE-2022-40684) in its FortiOS and FortiProxy products.
Based on the internal advisory shared on social media, “Fortinet strongly recommends all customers with the vulnerable version to perform an immediate upgrade”.
______________________________
A. Nature of the Vulnerability
CVE-2022-40684
- Successful exploitation may allow an authenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
______________________________
B. Affected Version
- FortiOS: 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1
- FortiProxy: 7.0.0 to 7.0.6 and 7.2.0
______________________________
C. Actions to be Taken
CERT-PH recommends the following actions be taken:
- CERT-PH encourages all Fortinet users to apply the necessary update to mitigate future threats.
- For additional information, kindly check the links below.
- https://www.fortiguard.com/psirt/FG-IR-22-377
- https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues
- https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/289806/resolved-issues
- https://www.rapid7.com/blog/post/2022/10/07/cve-2022-40684-remote-authentication-bypass-vulnerability-in-fortinet-firewalls-web-proxies/?utm_source=marketo&utm_medium=email&utm_campaign=etr-cve-2022-40684