Fortinet FortiOS & FortiProxy Authentication Bypass Vulnerability
Identifier: CVE-2022-40684
Exploit or POC: No
Update: https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues
https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/289806/resolved-issues
Description: CVE-2022-40684 can be exploited by a remote attacker without authentication and without user interaction. The attacker sends specially crafted HTTP or HTTPS requests to carry out operations on the administrative interface. The affected vendor products are listed below:
FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.
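
Added example (not part of the original advisory and not vendor code): a triage script that checks a device inventory against the affected FortiOS and FortiProxy ranges listed above. The `host,product,version` inventory format, the hostnames and the build suffix are constructed assumptions; "not listed" only means the version is outside the ranges given in this advisory.

```python
import re

# Affected ranges exactly as listed in this advisory (inclusive bounds).
AFFECTED = {
    "fortios": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "fortiproxy": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract the first major.minor.patch triple, e.g. from 'v7.0.6 build0000'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(product, version_text):
    """True if the product/version falls in a range listed in the advisory."""
    ranges = AFFECTED.get(product.strip().lower())
    if ranges is None:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    version = parse_version(version_text)
    return any(low <= version <= high for low, high in ranges)

def triage(inventory_lines):
    """Return (host, product, version, status) for 'host,product,version' lines."""
    results = []
    for line in inventory_lines:
        host, product, version = (f.strip() for f in line.split(",", 2))
        try:
            status = "AFFECTED" if is_affected(product, version) else "not listed"
        except (KeyError, ValueError) as exc:
            # Unknown product or unparseable version: never report it as clean.
            status = f"review manually ({exc.__class__.__name__})"
        results.append((host, product, version, status))
    return results

# Constructed sample inventory (hostnames and build suffix are illustrative only).
SAMPLE = [
    "fw-edge-01,FortiOS,v7.0.6 build0000",
    "fw-edge-02,FortiOS,7.0.7",
    "px-01,FortiProxy,7.2.0",
    "px-02,FortiProxy,7.2.1",
    "fw-lab-01,FortiOS,6.4.10",
    "sw-01,FortiSwitch,7.0.3",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:<11} {:<11} {:<20} {}".format(*row))
```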