Fortinet addressed a critical vulnerability that gave remote access to numerous services and was being exploited by threat actors in the wild.
The company described the vulnerability as an authentication bypass on the admin interface, allowing unauthenticated users to connect to FortiProxy web proxies, FortiGate firewalls, and FortiSwitch Manager on-prem management instances. Specifically, the flaw (CVE-2022-40684) is an authentication bypass on the administrative interface that allows remote threat actors access to the previously mentioned services.
In a customer support bulletin released today, Fortinet explains that "an authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests."
The company stated, "This is a critical vulnerability and should be addressed with the utmost urgency."
Fortinet advised customers using the vulnerable versions to upgrade immediately since it is possible to exploit the problem remotely.
Over 100,000 FortiGate firewalls may be accessed from the Internet, according to a Shodan search; however, it's uncertain if their control interfaces are also affected.
In addition, the business stated that the fix was deployed on Thursday and alerted some of its clients via email, asking them to disable remote management user interfaces "immediately."
A few days after issuing the fix, the business provided more information, stating it had discovered proof of at least one real-world campaign using the flaw.
According to the company, "Fortinet is aware of an instance where this vulnerability was exploited and recommended immediately validating your systems against the following indicator of compromise in the device's logs: user="Local_Process_Access."
The following products are susceptible to attacks attempting to exploit the CVE-2022-40 flaw:
FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0
FortiSwitchManager: Versions 7.0.0 and 7.2.0
In today's customer support advisory, Fortinet stated that susceptible devices should be updated to FortiOS 7.0.7 or 7.2.2 and above, FortiProxy 7.0.7 or 7.2.1 and above, and FortiSwitchManager 7.2.1 or above after the company published security fixes on Thursday.
The Fortinet CVE-2022-40684 authentication bypass vulnerability is a critical flaw that allows remote access to numerous services. The company has released security fixes and advises customers to upgrade immediately. Additionally, Fortinet recommends that the internet-facing HTTPS Administration be immediately deactivated until the upgrade can be completed.
If this tip helps and you would like to donate click on the button. Thanks In Advance
________________________________________________________________________________________________________
"Fortune Favors, Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
