REDLEGG BLOG

Emergency Vulnerability Bulletin - 10/07/22

10/7/22 1:53 PM  |  by RedLegg Blog

Fortinet FortiOS & FortiProxy Authentication Bypass Vulnerability

Identifier: CVE-2022-40684

Exploit or POC: No

Update: https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues

https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/289806/resolved-issues

Description: CVE-2022-40684 allows a remote attacker to exploit this vulnerability independent of user interaction and authentication. This vulnerability allows an attacker to send specially crafted HTTP or HTTPS requests, to ultimately carry out processes on the administrative interface. Listed below are the vendor products impacted by the aforementioned vulnerability:
FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0

Mitigation recommendation: Patching is currently the only method of mitigation

RedLegg Action: None at this time.

Get Blog Updates

Related Articles

Patch Tuesday - August 2023 96bravo

Patch Tuesday - August 2023

*Important note: These are not the only vulnerabilities that have been recently released; however, these are the ...
Emergency Security Bulletin - Citrix ADC and Citrix Gateway threat intel, 96bravo, Bulletin

Emergency Security Bulletin - Citrix ADC and Citrix Gateway

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Critical Security Vulnerabilities Bulletin