RedLegg CTI

2 min read

Emergency Vulnerability Bulletin - 10/07/22

https://www.redlegg.com/hubfs/Theme-2024/overlay-red.png featured image

TABLE OF CONTENTS

By: RedLegg Blog

Fortinet FortiOS & FortiProxy Authentication Bypass Vulnerability

Identifier: CVE-2022-40684

Exploit or POC: No

Update: https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues

https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/289806/resolved-issues

Description: CVE-2022-40684 allows a remote attacker to exploit this vulnerability independent of user interaction and authentication. This vulnerability allows an attacker to send specially crafted HTTP or HTTPS requests, to ultimately carry out processes on the administrative interface. Listed below are the vendor products impacted by the aforementioned vulnerability:
FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0

Mitigation recommendation: Patching is currently the only method of mitigation

RedLegg Action: None at this time.

Similar Blogs

Hands around a Ouija board
Threat Intelligence RedLegg CTI

Summoning Cyber Awareness: Exorcising the Malevolent Realm...

EXECUTIVE SUMMARY RedLegg would like to recognize the efforts instituted by the Cybersecurity &...

Read More
96 Bravo Critical Security Bulletin
RedLegg CTI

Patch Tuesday - August 2023

*Important note: These are not the only vulnerabilities that have been recently released; however,...

Read More
Emergency Security Bulletin | RedLegg | 96Bravo
Threat Intelligence RedLegg CTI

Emergency Security Bulletin - Citrix ADC and Citrix Gateway

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release...

Read More
Connect with Us
(312) 757-4941
Contact Us
©2024, RedLegg | Privacy Policy