Systems Engineering is aware of the following security vulnerability in Fortinet operating systems, FortiOS: CVE-2022-40684 / FG-IR-22-377.
Fortinet rated this vulnerability as a Critical Risk.
Description
In order to exploit this security flaw, an attacker would need to gain access to the HTTPS or HTTP management of the FortiOS devices running vulnerable versions. An unauthenticated attacker could gain unauthorized administrative firewall access via specially crafted HTTP or HTTPS requests.
Scope
FortiOS, FortiProxy, and FortiSwitchManager devices running 7.0.0-7.0.6 or 7.2.0-7.2.1 firmware
Course of Action
Systems Engineering recommends clients have their vulnerable Fortinet systems patched.
For SE EventWatch and SE Essentials customers, we will be patching these security flaws over the coming weeks to proactively address these critical vulnerabilities.
For all other clients, if you would like assistance patching an affected Fortinet system, please reach out to Customer Service to have a ticket opened to receive this vital security update.
Systems Engineering's Customer Service can be reached at customerservice@systemsengineering.com or 207.772.4199.
