March 28, 2023

Fortinet addressed a critical authentication bypass flaw late last week, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies.

An attacker can exploit the vulnerability to log into vulnerable devices and can perform various operations on the admin plane via specially crafted HTTP and HTTPS requests.

Advertisements

Fortinet urges customers of addressing this critical vulnerability immediately due to the risk of remote exploitation of the flaw.

The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0 are also impacted.The company also provided a workaround for those who can’t immediately deploy security updates.

Customers that are not able to upgrade their systems should Disable HTTP/HTTPS administrative interface or Limit IP addresses that can reach it.

Fortinet confirmed today the critical authentication bypass vulnerability is being exploited in the wild.

Advertisements

A working POC exploit code also developed by the Security researchers at the Horizon3 Attack Team and due to release it later this week.

Tags:

1 thought on “Fortinet Critical Authentication Bypass Flaw exploited in wild

  1. Pingback: Fortinet Bug exploited in Wild ! Again a Warning - TheCyberThrone

Leave a Reply

You may have missed

Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
%d bloggers like this: