SECURITY ALERT: Authentication Bypass Security Vulnerability Found in Fortinet Firewalls and Web Proxies

October 10, 2022 | Posted in:

Security Bulletins & Alerts

Systems Engineering is aware of the following security vulnerability in Fortinet operating systems, FortiOS: CVE-2022-40684 / FG-IR-22-377.

Fortinet rated this vulnerability as a Critical Risk.  


In order to exploit this security flaw, an attacker would need to gain access to the HTTPS or HTTP management of the FortiOS devices running vulnerable versions. An unauthenticated attacker could gain unauthorized administrative firewall access via specially crafted HTTP or HTTPS requests.


FortiOS, FortiProxy, and FortiSwitchManager devices running 7.0.0-7.0.6 or 7.2.0-7.2.1 firmware

Course of Action

Systems Engineering recommends clients have their vulnerable Fortinet systems patched.

For SE EventWatch and SE Essentials customers, we will be patching these security flaws over the coming weeks to proactively address these critical vulnerabilities.

For all other clients, if you would like assistance patching an affected Fortinet system, please reach out to Customer Service to have a ticket opened to receive this vital security update.

Systems Engineering's Customer Service can be reached at customerservice@systemsengineering.com or 207.772.4199.