Threat actors are exploiting vulnerabilities in Fortinet products. Here's what you need to know.
On October 7th, 2022, Fortinet sent an advisory bulletin to clients detailing a critical security flaw (CVE-2022-40684). The vulnerability allows for authentication bypass in certain versions of FortiOS and FortiProxy. Security patches have been released and should be applied as soon as possible.
Quick facts: what you need to know now
- The vulnerability affects:
FortiOS version 7.2.0 through 7.2.1
FortiOS version 7.0.0 through 7.0.6
FortiProxy version 7.2.0
FortiProxy version 7.0.0 through 7.0.6
FortiSwitchManager version 7.2.0
FortiSwitchManager version 7.0.0
FortiOS versions 5.x, 6.x are NOT impacted.
It is unknown at this time whether CVE-2022-40684 is currently being exploited by threat actors.
- A proof-of-concept (PoC) exploit was released by security researchers.
- A remote attacker is able to bypass authentication and perform operations on the administrative interface. From there the attacker would be able to alter settings and configurations, conduct further exploitation and potentially move around the network.
- CISA added CVE-2022-40684 to its Known Exploited Vulnerabilities (KEV) catalog.
Next Steps for All Fortinet Customers:
- Download and install the latest version of the affected products, 7.0.7 or 7.2.2.
- If unable to patch, Fortinet recommends blocking attacks by limiting the IP addresses that can reach the administrative interface using a local-in-policy.
- Check this article periodically over the next few weeks as we will keep it updated as more information becomes available.
If you have any questions, please reach out to the Risk + Response Team at firstname.lastname@example.org!