"Fortinet Customers Told to Urgently Patch Remotely Exploitable Vulnerability"

Fortinet has published a public advisory about a critical, remotely exploitable vulnerability that poses a significant risk to its customers. The advisory states that FortiOS and FortiProxy are affected by an authentication bypass on the administrative interface, tracked as CVE-2022-40684. According to the company, the flaw could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. Because the bug can be exploited remotely without credentials, Fortinet has instructed customers to update immediately.

Affected versions are FortiOS 7.0.0 through 7.0.6 and 7.2.0 through 7.2.1, as well as FortiProxy 7.0.0 through 7.0.6 and 7.2.0. The fix for FortiOS is included in versions 7.0.7 and 7.2.2, and the fix for FortiProxy in versions 7.0.7 and 7.2.1. There have also been unconfirmed reports that 6.x.x releases could be impacted. As a workaround, the company noted that users can prevent attacks by ensuring that only trusted IP addresses can reach the affected products' administrative interface. While it is currently unclear whether attacks exploiting CVE-2022-40684 have already begun, threat actors have frequently targeted vulnerabilities in Fortinet products in the past. The company has also informed customers about another vulnerability, CVE-2022-33873, which allows an unauthenticated, remote attacker to execute arbitrary commands in the underlying shell.
 

SecurityWeek reports: "Fortinet Customers Told to Urgently Patch Remotely Exploitable Vulnerability"
