Fortinet has contacted its customers to update as soon as possible to the latest version of their firewall (Fortigate) and proxies (FortiProxy) to fix a critical vulnerability. Assigned %%cve:2022-40684%%, it is related to an authentication bypass on the administrative interface.
Affected products are:
- FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
- FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0
If you can’t upgrade now, a good recommendation is to block access from unknown IP addresses to the affected products.
As usual, this notification arises just before the weekend. If you have Fortinet products managed by a 3rd party, we also recommended you to cross-check with them to ensure the upgrade will be performed.
Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.