Fortinet has privately warned customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could allow attackers to perform unauthorized actions on susceptible devices.

Tracked as CVE-2022-40684 (CVSS score: 9.6), the critical flaw is an authentication bypass vulnerability that could allow an unauthenticated adversary to perform arbitrary operations on the management interface via specially crafted HTTP(S) requests.


The issue affects the following versions and is addressed in FortiOS versions 7.0.7 and 7.2.2 and FortiProxy versions 7.0.7 and 7.2.1, released this week:

  • FortiOS – 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1
  • FortiProxy – 7.0.0 to 7.0.6 and 7.2.0
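
To check a device inventory against the ranges listed above, the following Python script is an added example (not code from Fortinet or from this article). The inventory format, hostnames and status labels are assumptions made for illustration, as is the pairing of each affected branch with the fixed release on the same branch.

```python
import re

# Affected ranges (inclusive) and fixed releases, as listed in the article.
# Pairing each branch with the fix on the same branch is an assumption.
AFFECTED = {
    "fortios": [((7, 0, 0), (7, 0, 6), "7.0.7"), ((7, 2, 0), (7, 2, 1), "7.2.2")],
    "fortiproxy": [((7, 0, 0), (7, 0, 6), "7.0.7"), ((7, 2, 0), (7, 2, 0), "7.2.1")],
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Constructed sample inventory: hostname, product, version text.
SAMPLE_INVENTORY = """\
fw-edge-01,FortiOS,7.0.6
fw-edge-02,FortiOS,v7.2.1
fw-core-01,FortiOS,7.2.2
proxy-01,FortiProxy,7.2.0
proxy-02,FortiProxy,7.2.1
fw-lab-01,FortiOS,unknown
"""

def assess(product, version_text):
    """Return (status, fixed_release) for one device."""
    ranges = AFFECTED.get(product.strip().lower())
    if ranges is None:
        return ("unknown-product", None)
    match = VERSION_RE.search(version_text)
    if match is None:
        return ("unparsed-version", None)  # needs manual review, not a pass
    version = tuple(int(part) for part in match.groups())
    for low, high, fixed in ranges:
        if low <= version <= high:
            return ("vulnerable", fixed)
    # Outside the ranges the article lists; it makes no claim about other branches.
    return ("not-listed", None)

def triage(inventory_text):
    """Parse 'host,product,version' lines and assess each device."""
    results = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(",", 2))
        results.append((host, *assess(product, version)))
    return results

if __name__ == "__main__":
    for host, status, fixed in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {status:17} upgrade to {fixed}" if fixed else f"{host:12} {status}")
```

A `not-listed` result only means the version falls outside the ranges quoted here; devices with an unparsed version still need a manual check.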

“Due to the remote exploitability of this issue, Fortinet strongly recommends that all customers using vulnerable versions upgrade immediately,” the company warned in an alert shared by a security researcher who goes by the alias Gitworm on Twitter.

As a temporary workaround, the company advises users to disable Internet-facing HTTPS management until the upgrade takes place, or to apply a firewall policy to “local in traffic.”

When asked for comment, Fortinet acknowledged the recommendation and said it would delay public notice until customers apply the fix.


“Timely and ongoing communication with our customers is a key factor in maximizing the protection and protection of their organizations,” the company said in a statement shared with The Hacker News. “Communications with our customers often detail our latest guidance and recommended next steps to best protect and protect our organization.”

“Confidential advance customer communications may include early warning of recommendations to enable customers to further strengthen their security posture. This will be made available to a wider audience in the coming days. Customer security is our number one priority.”




Copyright ©️ All rights reserved. | Blue Training Academy Blog