Fortinet on Monday revealed that the newly patched critical
security vulnerability impacting its firewall and proxy products is
being actively exploited in the wild.
Tracked as CVE-2022-40684[1]
(CVSS score: 9.6), the flaw relates to an authentication bypass in
FortiOS, FortiProxy, and FortiSwitchManager that could allow a
remote attacker to perform unauthorized operations on the
administrative interface via specially crafted HTTP(S)
requests.
“Fortinet is aware of an instance where this vulnerability was
exploited, and recommends immediately validating your systems
against the following indicator of compromise in the device’s logs:
user=’Local_Process_Access,'” the company noted[2]
in an advisory.
The list of impacted devices is below –
- FortiOS version 7.2.0 through 7.2.1
- FortiOS version 7.0.0 through 7.0.6
- FortiProxy version 7.2.0
- FortiProxy version 7.0.0 through 7.0.6
- FortiSwitchManager version 7.2.0, and
- FortiSwitchManager version 7.0.0
Updates have been released by the security company in FortiOS
versions 7.0.7 and 7.2.2, FortiProxy versions 7.0.7 and 7.2.1, and
FortiSwitchManager version 7.2.1.
The disclosure comes days after Fortinet sent[3]
“confidential advance customer communications” to its customer to
apply patches to mitigate potential attacks exploiting the
flaw.
If updating to the latest version isn’t an option, it’s
recommended users disable the HTTP/HTTPS administrative interface,
or alternatively limit IP addresses that can access the
administrative interface.
References
Read more https://thehackernews.com/2022/10/fortinet-warns-of-active-exploitation.html