REDLEGG BLOG

Emergency Vulnerability Bulletin - 10/07/22

10/7/22 1:53 PM  |  by RedLegg Blog

Fortinet FortiOS & FortiProxy Authentication Bypass Vulnerability

Identifier: CVE-2022-40684

Exploit or POC: No

Update: https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues

https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/289806/resolved-issues

Description: CVE-2022-40684 allows a remote attacker to exploit this vulnerability independent of user interaction and authentication. This vulnerability allows an attacker to send specially crafted HTTP or HTTPS requests, to ultimately carry out processes on the administrative interface. Listed below are the vendor products impacted by the aforementioned vulnerability:
FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0

Mitigation recommendation: Patching is currently the only method of mitigation

RedLegg Action: None at this time.

Get Blog Updates

Related Articles

Patch Tuesday Recap - March 2023 threat intel, 96bravo, Bulletin

Patch Tuesday Recap - March 2023

About: In an effort to provide additional value to our customers RedLegg will be releasing monthly security bulletins ...
Emergency Vulnerability Bulletin - 02/06/23 threat intel, 96bravo, Bulletin

Emergency Vulnerability Bulletin - 02/06/23

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Critical Security Vulnerabilities Bulletin