Analysis
On 3rd October Fortinet issued an advisory to its customers to update their products to the latest version, as most of the products from Fortinet are found to be vulnerable to Remote authentication vulnerability, with the exploitation of the vulnerability the threat actor can gain access to the administrative interface of the vulnerable products.
The exploitation of the vulnerability is seen in the wild and Fortinet is aware of the exploitation of this vulnerability, it was found to be the threat actor crafts the http/https request to exploit the vulnerability, the weakness associated in the product is CWE-288 (Authentication Bypass Using an Alternate Path or Channel).
The vulnerability was classified as CVE-2022-40684 in the Common Vulnerability and exposures vulnerability database, which has a severity of “Critical” and a vulnerability score of 9.6 as per CVSS v3.1(Common vulnerability scoring system).
Vulnerable Products
- FortiOS : 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
- FortiProxy : 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
- FortiSwitchManager : 7.2.0, 7.0.0
Prevention
Upgrade to,
- FortiOS version 7.2.2 or above
- FortiOS version 7.0.7 or above
- FortiProxy version 7.2.1 or above
- FortiProxy version 7.0.7 or above
- FortiSwitchManager version 7.2.1 or above
Follow the remediation steps provided from the below link, https://www.fortiguard.com/psirt/FG-IR-22-377
References
Rapid7