Security
Headlines
HeadlinesLatestCVEs

Headline

Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln

The bug is under active exploitation; Fortinet issued a customer advisory urging customers to apply its update immediately.

DARKReading
#vulnerability#web#ios#auth#sap

UPDATE

A Fortinet bug disclosed last week is now under active exploitation.

Fortinet on Friday warned that users of its FortGate firewall and FortiProxy Web proxies should apply the latest updates to their products ASAP due to a critical vulnerability that could allow an attacker to bypass authentication to the products’ administration interfaces.

On Monday, the security firm updated the advisory to note that it’s now aware of instances of the bug being exploited in the wild.

An exploit would in effect give an attacker administrative control of the network devices. The flaw, CVE-2022-40684, affects FortiOS versions 7.0.0 to 7.06 and 7.20 to 7.2.1, and FortiProxy versions 7.0.0 to 7.0.6 and 7.2.0, and could allow an attacker to use “specially crafted HTTP or HTTPS requests” to execute admin operations, according to Fortinet.

“Due to the ability to exploit this issue remotely Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade,” Fortinet said in its advisory, which was cited on Twitter.

SANS Internet Storm Center (ISC), which reported the advisory, provided additional advice: “If you have Fortinet products managed by a 3rd party, we also recommended you to cross-check with them to ensure the upgrade will be performed,” SANS Interior Storm Center handler Xavier Mertens said in a post in the ISC Diary.

“We are committed to the security of our customers. Fortinet recently distributed a PSIRT advisory (FG-IR-22-377) that details mitigation guidance for customers and recommended next steps," according to a Fortinet media statement. "We continue to monitor the situation and have been proactively communicating to customers, strongly urging them to immediately follow the guidance provided in connection with CVE-2022-40684.”

This article was updated at 2 p.m. on Oct. 10 to include information on the bug’s active exploitation in the wild, and at 11 a.m. Oct. 11 to include Fortinet’s media statement.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Related news

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on

Researchers Develop Exploit Code for Critical Fortinet VPN Bug

Some 340,000 FortiGate SSL VPN appliances remain exposed to the threat more than three weeks after Fortinet released firmware updates to address the issue.

Fortinet: Patched Critical Flaw May Have Been Exploited

Users urged to apply updates to FortiOS SSL-VPN after attackers may have leveraged a recently discovered vulnerability in attacks against government, manufacturing, and critical infrastructure organizations.

Fortinet 7.2.1 Authentication Bypass

Fortinet FortiOS, FortiProxy, and FortiSwitchManager version 7.2.1 suffers from a authentication bypass vulnerability.

Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company said

Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw

The vulnerability, disclosed In October, gives an unauthenticated attacker a way to take control of an affected product.

Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs

By Waqas The flaw is tracked as CVE-2022-40684 in FortiOS, while its exploit is being sold on a popular Russian hacker forum. This is a post from HackRead.com Read the original post: Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs

Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to login to the system with the chosen account. Successful exploitation results in remote code execution.

CVE-2022-40684: Fortiguard

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows

The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.

PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks

A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.ai researcher James Horseman said. "Additionally, a user can

Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative

Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684, the high-severity flaw relates to an authentication bypass vulnerability that could permit an unauthenticated adversary to perform arbitrary operations on

DARKReading: Latest News

Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel