- 225/2022
- Critical
Fortinet has released security patches to fix a critical authentication bypass vulnerability across multiple products.
The mentioned vulnerability could allow the remote attacker to bypass security restrictions by sending specially crafted HTTP or HTTPS requests to log into unpatched devices and perform operations on the administrative interface.
Fortinet FortiOS and Fortinet FortiProxy security bypass (CVE-2022-40684):
• CVSS: 9.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Bypass Security
Affected Products:
Product | Vulnerable Versions | Vulnerable Versions |
FortiOS | 7.0.0 to 7.0.6 7.2.0 to 7.2.1 | 7.0.7 7.2.2 |
FortiProxy | 7.0.0 to 7.0.6 7.2.0 | 7.0.7 7.2.1 |
Vulnerabilities
- CVE-2022-40684
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.