REDLEGG BLOG

Emergency Vulnerability Bulletin - 10/07/22

10/7/22 1:53 PM  |  by RedLegg Blog

Fortinet FortiOS & FortiProxy Authentication Bypass Vulnerability

Identifier: CVE-2022-40684

Exploit or POC: No

Update: https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues

https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/289806/resolved-issues

Description: CVE-2022-40684 allows a remote attacker to exploit this vulnerability independent of user interaction and authentication. This vulnerability allows an attacker to send specially crafted HTTP or HTTPS requests, to ultimately carry out processes on the administrative interface. Listed below are the vendor products impacted by the aforementioned vulnerability:
FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0

Mitigation recommendation: Patching is currently the only method of mitigation

RedLegg Action: None at this time.

Get Blog Updates

Related Articles

Emergency Vulnerability Bulletin - 11/30/22 threat intel, 96bravo

Emergency Vulnerability Bulletin - 11/30/22

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Emergency Vulnerability Bulletin - 11/29/22 threat intel, 96bravo

Emergency Vulnerability Bulletin - 11/29/22

Oracle Fusion Middleware Unspecified Vulnerability Identifier: CVE-2022-35587 Exploit or POC: Yes (Actively Being ...
Critical Security Vulnerabilities Bulletin