FortiOS / FortiProxy / FortiSwitchManager – Authentication Bypass (CVE-2022-40684)

We would like to bring to your attention a newly discovered authentication bypass vulnerability within FortiOS, FortiProxy and FortiSwitchManager. This vulnerability is currently being actively exploited.

An authentication bypass has been identified using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager which allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. The vulnerability has been issued the identifier CVE-2022-40684 and has been given a CVSS score of 9.6.

Affected Products

• FortiOS version 7.2.0 through 7.2.1

• FortiOS version 7.0.0 through 7.0.6

• FortiProxy version 7.2.0

• FortiProxy version 7.0.0

• FortiSwitchManager version 7.2.0

• FortiSwitchManager version 7.0.0

Detection

The current version of FortiOS / FortiGate can be checked with the following command, and should be checked against the known affected products above:

get system status

Additional Fortinet recommend to check the device’s log for the following strings to help detected compromised devices:

• user=”Local_Process_Access”

• user_interface=”Node.js”

• user_interface=”Report Runner”

Exploited hosts may show records for these strings.

Remediation

Whilst a workaround has been provided, current best guidance for remediating this issue to to update to an unaffected version.

• FortiOS should be updated to version 7.2.2 or above and version 7.0.7 or above.

• FortiProxy should be updated to version 7.2.1 or above and version 7.0.7 or above.

• FortiSwitchManager should be updated to version 7.2.1 or above.

References

• https://www.fortiguard.com/psirt/FG-IR-22-377

• https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/

• https://nvd.nist.gov/vuln/detail/CVE-2022-40684

TechRound names CovertSwarm among the Top 20 Cybersecurity companies

The leading tech publisher recently released its inaugural Cybersecurity40 winners, celebrating the most innovative cybersecurity companies and initiatives across the UK and Europe.

The trials and tribulations of secure software development

Discover effective strategies for managing third-party libraries, tackling security challenges & handling technical debt in secure software development.

CovertSwarm launches in-house Academy Program

Socially-focused initiative has been designed to make a career in cybersecurity more accessible than ever before