Fortinet has released a security update to address a critical vulnerability (CVE-2022-40684) in its FortiOS and FortiProxy products.
Based on the internal advisory shared on social media, “Fortinet strongly recommends all customers with the vulnerable version to perform an immediate upgrade”.
A. Nature of the Vulnerability
- Successful exploitation may allow an authenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
B. Affected Version
- FortiOS: 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1
- FortiProxy: 7.0.0 to 7.0.6 and 7.2.0
C. Actions to be Taken
CERT-PH recommends the following actions be taken:
- CERT-PH encourages all Fortinet users to apply the necessary update to mitigate future threats.
- For additional information, kindly check the links below.