REDLEGG BLOG

Emergency Vulnerability Bulletin - 10/07/22

10/7/22 1:53 PM  |  by RedLegg Blog

Fortinet FortiOS & FortiProxy Authentication Bypass Vulnerability

Identifier: CVE-2022-40684

Exploit or POC: No

Update: https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues

https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/289806/resolved-issues

Description: CVE-2022-40684 allows a remote attacker to exploit this vulnerability independent of user interaction and authentication. This vulnerability allows an attacker to send specially crafted HTTP or HTTPS requests, to ultimately carry out processes on the administrative interface. Listed below are the vendor products impacted by the aforementioned vulnerability:
FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0

Mitigation recommendation: Patching is currently the only method of mitigation

RedLegg Action: None at this time.

Get Blog Updates

Related Articles

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools threat intel, 96bravo

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools

EXECUTIVE SUMMARY RedLegg would like to recognize the efforts instituted by the Cybersecurity & Infrastructure ...
Patch Tuesday - August 2023 96bravo

Patch Tuesday - August 2023

*Important note: These are not the only vulnerabilities that have been recently released; however, these are the ...
Critical Security Vulnerabilities Bulletin