Fortinet Security Advisory – Critical Authentication Bypass in FortiOS

Today Fortinet announced a critical authentication bypass in its FortiGate products that could lead to administrator access. This vulnerability, CVE-2022-40684, has been patched, and admins are advised to upgrade or implement the workaround safeguards immediately.

The communications Fortinet sent to customers indicate that the newer FortiOS 7 releases are vulnerable and list the fixed versions to upgrade to:

Product               Vulnerable Versions   Fixed Version
FortiOS (FortiGate)   7.0.0 to 7.0.6        7.0.7
                      7.2.0 to 7.2.1        7.2.2

The workaround is to ensure HTTPS management is disabled on public or untrusted interfaces, or to create trust lists of IPs that are permitted to access the management page.
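As an added illustration (not text from the original post or from Fortinet's advisory), here is what the two workarounds look like in the FortiOS CLI, with the exposed setting shown beside the hardened ones. The interface name wan1, the administrator account name admin and the address ranges are assumptions made for this example.

```fortios
# Added example, not from the post or from Fortinet. Interface "wan1",
# account "admin" and all IP ranges below are assumed/constructed values.

# --- Before: HTTPS administration reachable on the internet-facing interface ---
config system interface
    edit "wan1"
        set allowaccess ping https ssh
    next
end

# --- Workaround 1: drop HTTPS (and other management services) from the
# untrusted interface and manage the unit from an internal interface instead ---
config system interface
    edit "wan1"
        set allowaccess ping
    next
end

# --- Workaround 2: limit the account to trusted source addresses. The
# default trusthost is 0.0.0.0 0.0.0.0 (any source); once one or more are set,
# this account can only log in from those networks. Repeat for every admin
# account, since the restriction is per account. ---
config system admin
    edit "admin"
        # constructed: management VPN range
        set trusthost1 192.0.2.0 255.255.255.0
        # constructed: a single jump host
        set trusthost2 10.10.0.5 255.255.255.255
    next
end

# --- Verify the change, and compare the running release with the table above ---
show system interface wan1
show system admin admin
get system status
```

The trusted-host approach is the one to use when HTTPS must stay enabled on an interface; disabling HTTPS on public interfaces removes the exposure outright and is the simpler change where out-of-band management is available.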

Clients of Advanced Data that are on our Flat Fee IT or Hosted Firewall offerings have been remediated by either the patch or the trust list methods.
