Fortinet Authentication Bypass vulnerability (CVE-2022-40684)

A critical Authentication Bypass vulnerability (CVE-2022-40684) was identified in FortiOS and FortiProxy recently and is being exploited in the wild.  The vulnerability would potentially allow an unauthenticated attacker to bypass authentication and access the administrative portal by sending a specially crafted HTTPS request.

 

Fortinet has released a patch to remediate this vulnerability and strongly recommends customers to apply the update IMMEDIATELY.

 

Vulnerabilities

  • Authentication Bypass Vulnerability (CVE-2022-40684)

 

Severity Level

  • Critical

 

Affected Systems

  • FortiOS: 7.0.0 to 7.0.6, 7.2.0 to 7.2.1
  • FortiProxy: 7.0.0 to 7.0.6, 7.2.0
  • FortiSwitchManager: 7.2.0, 7.0.0

 

Remediation

  • Please apply the update patches in your department devices immediately.

 

Reference

 

Enquiry

 

 

Published on: 12 Oct 2022