Fortinet warned that its FortiGate firewalls and FortiProxy web proxies may be affected by a recent vulnerability. The vulnerability allows cybercriminals to bypass authentication measures.

According to the security vendor, the issue involves CVE-2022-40684, a vulnerability that allows cybercriminals to bypass the authentication of administrative interfaces in FortiGate firewall and FortiProxy web proxy environments. Ultimately, the vulnerability lets cybercriminals access unpatched devices.

Authentication bypass

The bypass uses an alternate channel (CWE-88) in FortiProxy and operating system FortiOS. This allows cybercriminals to perform actions on the administrative interface via HTTP or HTTPS requests.

According to Fortinet, the vulnerability is very critical and should be addressed by customers immediately. The vulnerability is present in systems running FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1, as well as FortiProxy versions 7.0.0 to 7.0.6 and 7.2.0. All corresponding devices should be updated to FortiOS 7.0.7 and FortiProxy 7.2.2 as soon as possible.

Workaround available

A workaround is available for companies that cannot implement the patch on short notice. The workaround was suggested by Fortinet and involves limiting the IP addresses that administrative interfaces can reach with a local-in policy. The security vendor also recommends disabling remote administrative interfaces to block attacks.

Tip: FortiEDR is more than EDR thanks to security fabric integration and pro-active monitoring