We would like to bring to your attention a newly discovered authentication bypass vulnerability within FortiOS, FortiProxy and FortiSwitchManager. This vulnerability is currently being actively exploited.
An authentication bypass using an alternate path or channel [CWE-288] has been identified in FortiOS, FortiProxy and FortiSwitchManager. It allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. The vulnerability has been assigned the identifier CVE-2022-40684 and a CVSS score of 9.6.
Affected Products
- FortiOS version 7.2.0 through 7.2.1
- FortiOS version 7.0.0 through 7.0.6
- FortiProxy version 7.2.0
- FortiProxy version 7.0.0 through 7.0.6
- FortiSwitchManager version 7.2.0
- FortiSwitchManager version 7.0.0
Detection
The running version of FortiOS / FortiGate can be checked with the following CLI command and compared against the affected products listed above:

```
get system status
```
Additionally, Fortinet recommends searching the device's logs for the following strings to help detect compromised devices:

- user="Local_Process_Access"
- user_interface="Node.js"
- user_interface="Report Runner"

Exploited hosts may show log records containing these strings: configuration changes or administrative actions attributed to these user and user_interface values do not occur during normal administrator activity.
Remediation
Whilst Fortinet has provided a workaround (disabling the HTTP/HTTPS administrative interface, or restricting the source IPs that can reach it), the current best guidance for remediating this issue is to update to an unaffected version:

- FortiOS should be updated to version 7.2.2 or above (7.2 branch) or version 7.0.7 or above (7.0 branch).
- FortiProxy should be updated to version 7.2.1 or above (7.2 branch) or version 7.0.7 or above (7.0 branch).
- FortiSwitchManager should be updated to version 7.2.1 or above.
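The detection checks described above and the fix versions just listed, combined into a small helper as an added example. This is not code from the original advisory or from Fortinet: it parses the `Version:` line of `get system status` output, decides whether the release falls in one of the affected ranges, reports the minimum fixed release on that branch, and scans Fortinet-style `key=value` log lines for the three indicator strings. The status output and the log lines embedded below are constructed samples, not captures from a real device.

```python
"""Added example for CVE-2022-40684 triage (not Fortinet's code).

Two checks:
  1. version check against the affected ranges listed in the advisory
  2. indicator search over Fortinet key=value log lines
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges (inclusive) as listed in the advisory.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "FortiProxy": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
    "FortiSwitchManager": [((7, 0, 0), (7, 0, 0)), ((7, 2, 0), (7, 2, 0))],
}

# Minimum fixed release per (major, minor) branch, from the Remediation section.
FIXED: Dict[str, Dict[Tuple[int, int], Version]] = {
    "FortiOS": {(7, 0): (7, 0, 7), (7, 2): (7, 2, 2)},
    "FortiProxy": {(7, 0): (7, 0, 7), (7, 2): (7, 2, 1)},
    "FortiSwitchManager": {(7, 0): (7, 2, 1), (7, 2): (7, 2, 1)},
}

# 'get system status' prints e.g. "Version: FortiGate-100F v7.0.5,build0304,220309 (GA)";
# the model token and build details are assumed to follow this layout.
_VERSION_RE = re.compile(r"^Version:\s*\S+\s+v(\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_version(status_output: str) -> Optional[Version]:
    """Return (major, minor, patch) from the Version: line, or None if absent."""
    m = _VERSION_RE.search(status_output)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: Version) -> bool:
    """True if version falls inside one of the product's affected ranges."""
    return any(lo <= version <= hi for lo, hi in AFFECTED[product])


def fixed_version(product: str, version: Version) -> Optional[Version]:
    """Minimum fixed release for the branch an affected version is on; None if not affected."""
    if not is_affected(product, version):
        return None
    return FIXED[product].get(version[:2])


# Indicator values from the advisory: admin actions attributed to these
# user / user_interface values are not produced by normal administration.
INDICATORS: Dict[str, set] = {
    "user": {"Local_Process_Access"},
    "user_interface": {"Node.js", "Report Runner"},
}

# Fortinet logs are space-separated key=value pairs, values optionally double-quoted.
_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log_line(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV_RE.findall(line)}


def find_indicators(log_lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per log line that carries any of the indicator values."""
    hits = []
    for line in log_lines:
        fields = parse_log_line(line)
        matched = [f"{k}={fields[k]}" for k, vals in INDICATORS.items()
                   if fields.get(k) in vals]
        if matched:
            hits.append({
                "matched": ", ".join(matched),
                "logdesc": fields.get("logdesc", ""),
                "srcip": fields.get("srcip", ""),
            })
    return hits


# Constructed sample input (not real device output).
SAMPLE_STATUS = "Version: FortiGate-100F v7.0.5,build0304,220309 (GA)\nSerial-Number: FG100F0000000000\n"
SAMPLE_LOGS = [
    'date=2022-10-10 time=12:00:01 type="event" subtype="system" logdesc="Admin login successful" '
    'user="admin" ui="https(203.0.113.5)" action="login" status="success"',
    'date=2022-10-10 time=12:00:08 type="event" subtype="system" logdesc="Local user key added" '
    'user="Local_Process_Access" user_interface="Node.js" action="Add" cfgpath="system.admin" srcip="198.51.100.7"',
    'date=2022-10-10 time=12:00:09 type="event" subtype="system" logdesc="Object attribute configured" '
    'user="Local_Process_Access" user_interface="Report Runner" action="Edit" srcip="198.51.100.7"',
]

if __name__ == "__main__":
    ver = parse_version(SAMPLE_STATUS)
    print("running:", ver, "affected:", is_affected("FortiOS", ver), "fix:", fixed_version("FortiOS", ver))
    for hit in find_indicators(SAMPLE_LOGS):
        print("INDICATOR", hit)
```

Feed `find_indicators` the event log exported from the device (or forwarded to your SIEM) rather than the constructed lines; a single hit on `Local_Process_Access` is enough to treat the device as compromised and move to incident response, since patching alone does not remove accounts or SSH keys an attacker may already have added.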