"Experts Released PoC Exploit Code for Critical Bug CVE-2022-40684 in Fortinet Products"

Security researchers have released proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) in FortiGate firewalls and FortiProxy web proxies. The flaw affects FortiOS versions 7.0.0 to 7.0.6, as well as 7.2.0 to 7.2.1. FortiOS/FortiProxy versions 7.0.7 or 7.2.2 were released to address the vulnerability. The company also provided a workaround for those who are unable to deploy security updates immediately. An attacker can use the flaw to gain access to vulnerable devices. The vulnerability may allow an unauthenticated attacker to perform operations on the administrative interface using specially crafted HTTP or HTTPS requests. Due to the risk of remote exploitation, the company strongly advises customers to address this critical vulnerability as soon as possible. The public release of the PoC exploit code may spark a wave of attacks against Fortinet devices. Horizon3 Attack Team researchers have released PoC exploit code for the vulnerability. This article continues to discuss the critical bug discovered in Fortinet products and the PoC exploit code released for it.

Security Affairs reports "Experts Released PoC Exploit Code for Critical Bug CVE-2022-40684 in Fortinet Products"

Submitted by Anonymous on