07 Oct 2022
Vulnerability Alert - Fortinet
TYPE
Vulnerabilities
SYSTEMS AFFECTED
FortiOS from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1; FortiProxy from 7.0.0 to 7.0.6 and 7.2.0; FortiSwitchManager versions 7.0.0 and 7.2.0
ECOSYSTEM
Other
Description
A critical vulnerability (CVE-2022-40684) was identified in which a malicious actor may bypass authentication on the administrative interface, allowing remote threat actors to log into unpatched devices.
Fortinet customers have access to more detailed information in Customer Support Bulletin CSB-221006-1.
Impact
It allows an attacker to bypass authentication and perform operations on the administrative interface.
Resolution
It is recommended to perform an immediate upgrade to the most recent version.
Additionally, it is recommended to limit the IP addresses that can reach the administrative interface using a local-in-policy.
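The following FortiOS CLI fragment is an added example of the local-in-policy mitigation described above; it is not taken from this alert or from Fortinet's own bulletin. The address object name "admin_allowed" and the 192.0.2.0/24 management subnet (an RFC 5737 documentation range) are placeholders to be replaced with the organisation's real management network; the policy IDs 1 and 2 are likewise assumed.

```text
# Constructed example: restrict who can reach the admin interface (HTTPS/SSH)
# Step 1: define the trusted management network as an address object
config firewall address
    edit "admin_allowed"
        set subnet 192.0.2.0 255.255.255.0
    next
end

# Step 2: local-in policies are evaluated top-down, so the accept rule for
# the trusted network must come before the catch-all deny
config firewall local-in-policy
    edit 1
        set intf "any"
        set srcaddr "admin_allowed"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set action accept
        set schedule "always"
    next
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set action deny
        set schedule "always"
    next
end
```

After applying the policy, confirm from a host outside the trusted subnet that the HTTPS and SSH administrative ports no longer respond, and from a host inside it that they still do; this is a compensating control only and does not replace the upgrade recommended above.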
References