Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical flaw, tracked as CVE-2022-40684, in Fortinet products.
In early October, Fortinet addressed the critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies.
The company explained that an attacker can exploit the vulnerability to log into vulnerable devices.
“An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests,” reads the customer support bulletin issued by the company.
The company urged customers to address this critical vulnerability immediately due to the risk of remote exploitation of the flaw.
The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1, and FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0
The cybersecurity firm addressed the flaw with the release of FortiOS/FortiProxy versions 7.0.7 or 7.2.2.
