Fortinet revealed the newly patched critical security vulnerability impacting three of their products FortiOS, FortiProxy, and FortiSwitchManager.
Fortinet revealed the newly patched critical security vulnerability impacting three of their products FortiOS, FortiProxy, and FortiSwitchManager.
FortiOS is the OS for the Fortinet security appliance(FortiGate firewalls), Fortiproxy is a secure web proxy, and FortiSwitchManager manages Fortinet's Ethernet Switches.
Due to the critical vulnerability, Fortinet warned the users to apply the latest updates to FortiGate Firewalls, FortiProxy web proxies, and Fortinet Ethernet switches. The security weakness(CVE-2022-40684) allows attackers to bypass authentication to the product's administration interfaces.
"Using specially crafted HTTP or HTTPS requests" allows an unauthenticated attacker to perform actions on the administrative interface, added Fortinet.
Affected products are:
FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: from 7.0.0 to 7.0.6 & 7.2.0
FortiSwitchManager: versions 7.0.0 to 7.2.0
"Due to the ability to exploit this issue remotely, Fortinet emailed and recommended customers and advised them to perform an immediate upgrade to the latest available versions."
Updates have been released in FortiOS versions 7.0.7 & 7.2.2, Fortiproxy versions 7.0.7 and 7.2.1 and FortiSwitchManager 7.2.1 or above.
More than 100,000 FortiGate firewalls are reachable from the internet, according to a shodan search. It is unknown if their management interfaces are also exposed.
The company advises checking the system for the presence of the following indicator of compromise in the device logs: user= "Local_Process_Access".
According to the Fortinet notices, if customers cannot update devices in a timely way, internet-facing HTTP, HTTPS administration should be immediately deactivated or restrict IP address that can reach interference until the upgrade is executed.
According to the post published by Horizon3.ai, an attacker can take up this vulnerability to do anything they want to the vulnerable system. This comprises changing network configurations, adding new users, and initiating packet captures.
Experts pointed out that there are other ways to exploit this vulnerability and there may be other sets of conditions that work. This means that threat actors could formulate their own exploit and use it in attacks in the wild, for this reason, it is essential to address the flaw immediately.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?