Critical Fortinet Vulnerability Ahead
Last Updated: 2022-10-07 14:34:23 UTC
by Xavier Mertens (Version: 1)
Fortinet has contacted its customers, asking them to update as soon as possible to the latest version of its firewalls (FortiGate) and proxies (FortiProxy) to fix a critical vulnerability. Assigned CVE-2022-40684, it is related to an authentication bypass on the administrative interface.
Affected products are:
- FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
- FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0
If you can't upgrade now, a good recommendation is to block access from unknown IP addresses to the affected products.
As usual, this notification arrives just before the weekend. If you have Fortinet products managed by a third party, we also recommend that you cross-check with them to ensure the upgrade will be performed.
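To help with that cross-check, here is an added example (not part of the original diary, and not Fortinet tooling) that triages a device inventory against the affected version ranges listed above. The CSV layout, the hostnames and the status labels are assumptions made for illustration.

```python
import csv
import io

# Affected ranges from the advisory above (inclusive on both ends).
AFFECTED = {
    "fortios": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "fortiproxy": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
}

def parse_version(text):
    """Turn '7.0.6' or 'v7.2.1' into (7, 0, 6); None if not major.minor.patch."""
    parts = text.strip().lower().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, version):
    """Return 'affected', 'not-listed' (outside the listed ranges) or 'review'."""
    ranges = AFFECTED.get(product.strip().lower())
    parsed = parse_version(version)
    if ranges is None or parsed is None:
        # Unknown product name or unparsable version: needs a human to check.
        return "review"
    if any(low <= parsed <= high for low, high in ranges):
        return "affected"
    return "not-listed"

def triage(inventory_csv):
    """Map each host in a 'host,product,version' CSV to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["product"], row["version"]) for row in reader}

# Constructed sample inventory (hostnames and column layout are assumptions).
SAMPLE = """host,product,version
fw-edge-01,FortiOS,7.0.6
fw-edge-02,FortiOS,v7.2.2
fw-branch-03,FortiOS,6.4.10
proxy-01,FortiProxy,7.2.0
proxy-02,FortiProxy,7.2.1
fw-msp-04,FortiOS,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:14} {status}")
```

A `not-listed` result only means the version falls outside the ranges quoted in this diary; hosts marked `review` are the ones to raise with whoever manages the device.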
Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant