Fortinet FortiGate FortiProxy - CVE-2022-40684

bypass authentication on Fortinet firewalls

If you are using a FortiGate firewall or a FortiProxy proxy, you should protect yourself against the CVE-2022-40684 security vulnerability now! Let’s take stock of this vulnerability that affects Fortinet customers.

The security flaw CVE-2022-40684 allows an unauthenticated attacker to remotely authenticate to a vulnerable Fortinet device by bypassing the system authentication page. Internet-accessible devices are particularly vulnerable to attacks. A search on Shodan reveals that there are over 100,000 FortiGate firewalls exposed on the Internet, worldwide, including in France. If the management interface is exposed, this security flaw represents a real danger for the company.

In his security bulletin, Fortinet describes the vulnerability this way: “An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy can allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

This vulnerability is present in different versions of FortiOS and FortiProxy systems:

  • FortiOS : from version 7.0.0 to 7.0.6 and from version 7.2.0 to 7.2.1
  • FortiProxy : from version 7.0.0 to 7.0.6 and version 7.2.0

How to protect against CVE-2022-40684 vulnerability?

Fortinet has released security patches to protect against this critical vulnerability. versions 7.0.7 and 7.2.2.

The multinational urges its customers to install the patch as soon as possible: “This is a critical vulnerability that needs to be addressed with the utmost urgency.” – In addition, Fortinet has notified its customers by e-mail to warn them of the existence of this vulnerability and the need to protect themselves quickly. For the moment, Fortinet has not specified whether the vulnerability is actively exploited or nope.

If you are unable to install the security patch quickly, a policy should be put in place to limit access to the administration interface so that this access is only possible from certain IP addresses .



#bypass #authentication #Fortinet #firewalls

Leave a Comment

Your email address will not be published. Required fields are marked *