Fortinet - CVE-2022-40684 - Attacks

An exploit is available!

For the past few days, the critical security flaw CVE-2022-40684 affecting Fortinet customers has been making a lot of noise. The bad news is that a PoC exploit now exists that demonstrates how to exploit this vulnerability! For latecomers, applying the official patch has become really urgent!

As a reminder, CVE-2022-40684 allows an unauthenticated attacker to authenticate remotely on a vulnerable Fortinet device by bypassing the system's authentication phase. It is present in the administration interface of several Fortinet products: FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager instances.

Devices whose management interface is exposed on the Internet are particularly vulnerable! A search on Shodan found that there were over 100,000 FortiGate firewalls exposed on the Internet worldwide.

A PoC exploit for CVE-2022-40684

Security researchers at Horizon3.ai have posted a PoC (Proof-of-concept) exploit and additional technical details about this vulnerability.

In the report posted online and available at this address, we can read: “An attacker can use this vulnerability to do almost anything on the vulnerable system. This includes changing network configurations, adding new users, and capturing packets.” Suffice it to say that by exploiting this vulnerability, an attacker can get a foothold in the company that uses a vulnerable device.

This security flaw is being used in attacks, and now that a PoC exploit is available, the situation should get worse! For its part, the US agency CISA has added this security flaw to its list of vulnerabilities exploited in attacks. That is also a sign.

How to protect against the CVE-2022-40684 vulnerability?

As for the affected versions, here is what Fortinet tells us in its security bulletin:

  • FortiOS: versions 7.2.0 to 7.2.1
  • FortiOS: versions 7.0.0 to 7.0.6
  • FortiProxy: version 7.2.0
  • FortiProxy: versions 7.0.0 to 7.0.6
  • FortiSwitchManager: version 7.2.0
  • FortiSwitchManager: version 7.0.0

Note: For FortiOS, versions 5.x and 6.x are NOT impacted.

And to protect yourself, here are the versions to install:

  • Upgrade to FortiOS 7.2.2 or higher
  • Upgrade to FortiOS version 7.0.7 or higher
  • Upgrade to FortiProxy version 7.2.1 or higher
  • Upgrade to FortiProxy version 7.0.7 or higher
  • Upgrade to FortiSwitchManager version 7.2.1 or higher
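
To triage a fleet against the two lists above, here is an added example (not Fortinet's code and not from the original article) that maps a product and firmware string to "affected" plus the release to install. The hostnames and version strings in the inventory are constructed samples, and the function names are hypothetical.

```python
import re

# Affected ranges and fixed releases, transcribed from the lists above.
# (product, (major, minor)) -> (first affected, last affected, release to install)
AFFECTED = {
    ("fortios", (7, 2)): ((7, 2, 0), (7, 2, 1), "7.2.2"),
    ("fortios", (7, 0)): ((7, 0, 0), (7, 0, 6), "7.0.7"),
    ("fortiproxy", (7, 2)): ((7, 2, 0), (7, 2, 0), "7.2.1"),
    ("fortiproxy", (7, 0)): ((7, 0, 0), (7, 0, 6), "7.0.7"),
    ("fortiswitchmanager", (7, 2)): ((7, 2, 0), (7, 2, 0), "7.2.1"),
    # The page lists only 7.2.1 as a fixed FortiSwitchManager release.
    ("fortiswitchmanager", (7, 0)): ((7, 0, 0), (7, 0, 0), "7.2.1"),
}
ALIASES = {"fortigate": "fortios"}  # FortiGate firewalls run FortiOS

INVENTORY = [  # constructed sample inventory, not real devices
    ("edge-fw-01", "FortiGate", "v7.2.1 build0000"),
    ("edge-fw-02", "FortiOS", "6.4.10"),
    ("proxy-01", "FortiProxy", "7.0.7"),
    ("switch-mgr", "FortiSwitch Manager", "7.0.0"),
]

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.2.1 build0000'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(g) for g in m.groups())

def check(product, version_text):
    """Return (status, release_to_install_or_None) for one device."""
    key = re.sub(r"[^a-z]", "", product.lower())
    key = ALIASES.get(key, key)
    if not any(p == key for p, _ in AFFECTED):
        return ("unknown-product", None)
    ver = parse_version(version_text)
    entry = AFFECTED.get((key, ver[:2]))
    if entry and entry[0] <= ver <= entry[1]:
        return ("affected", entry[2])
    return ("not-affected", None)  # outside the ranges listed on this page

def audit(inventory):
    return {host: check(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, (status, fix) in audit(INVENTORY).items():
        print(f"{host:12} {status:15} {'upgrade to ' + fix if fix else ''}")
```

"not-affected" here means only that the version falls outside the ranges listed on this page, so 5.x and 6.x FortiOS builds and the fixed releases both land there.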

Time to update!
