Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. An attacker can exploit the vulnerability to log into vulnerable devices.
“An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests,” reads the advisory issued by the company PSIRT.
The company urges customers of addressing this critical vulnerability immediately due to the risk of remote exploitation of the flaw.
The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0 are also impacted.
The cybersecurity firm addressed the flaw with the release of FortiOS/FortiProxy versions 7.0.7 or 7.2.2. The company also provided a workaround for those who can’t immediately deploy security updates.
