TT-CSIRT-407.07.10.22: FortiOS Critical Security Vulnerability
Updated 10/10/2022 – Fortinet has issued an official PSIRT advisory that includes workaround steps for those who cannot immediately update their assets: https://www.fortiguard.com/psirt/FG-IR-22-377
Note that updating your device remains the action TT-CSIRT recommends first; the workaround is for assets that cannot be patched immediately.
Original Advisory:
Fortinet has released security updates to address a critical vulnerability in its FortiOS (and therefore FortiGate) and FortiProxy products. This is a critical authentication bypass vulnerability that received a CVSSv3 score of 9.6. By sending specially crafted HTTP or HTTPS requests to a vulnerable target, a remote attacker with access to the management interface could perform administrator operations without authenticating.
While Fortinet has not yet issued an official PSIRT advisory, TT-CSIRT strongly encourages administrators to review the following release from Tenable and apply the necessary updates immediately:
https://www.tenable.com/blog/cve-2022-40684-critical-authentication-bypass-in-fortios-and-fortiproxy