December 6, 2023

Fortinet addressed a critical authentication bypass flaw late last week, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies.

An attacker can exploit the vulnerability to log into vulnerable devices and can perform various operations on the admin plane via specially crafted HTTP and HTTPS requests.

Advertisements

Fortinet urges customers of addressing this critical vulnerability immediately due to the risk of remote exploitation of the flaw.

The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0 are also impacted.The company also provided a workaround for those who can’t immediately deploy security updates.

Customers that are not able to upgrade their systems should Disable HTTP/HTTPS administrative interface or Limit IP addresses that can reach it.

Fortinet confirmed today the critical authentication bypass vulnerability is being exploited in the wild.

Advertisements

A working POC exploit code also developed by the Security researchers at the Horizon3 Attack Team and due to release it later this week.

Tags:

1 thought on “Fortinet Critical Authentication Bypass Flaw exploited in wild

  1. Pingback: Fortinet Bug exploited in Wild ! Again a Warning - TheCyberThrone

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023

LogoFAIL Firmware Attack

December 3, 2023

Proliance Surgeons Discloses a Data Breach

December 3, 2023

23andMe Breach affected 14K Customers

December 3, 2023
%d