IT and Cybersecurity News

SECURITY ALERT: Authentication Bypass Security Vulnerability Found in Fortinet Firewalls and Web Proxies

Written by Systems Engineering | October 10, 2022

Systems Engineering is aware of the following security vulnerability in Fortinet operating systems, FortiOS: CVE-2022-40684 / FG-IR-22-377.

Fortinet rated this vulnerability as a Critical Risk.  

Description

In order to exploit this security flaw, an attacker would need to gain access to the HTTPS or HTTP management of the FortiOS devices running vulnerable versions. An unauthenticated attacker could gain unauthorized administrative firewall access via specially crafted HTTP or HTTPS requests.

Scope

FortiOS, FortiProxy, and FortiSwitchManager devices running 7.0.0-7.0.6 or 7.2.0-7.2.1 firmware

Course of Action

Systems Engineering recommends clients have their vulnerable Fortinet systems patched.

For SE EventWatch and SE Essentials customers, we will be patching these security flaws over the coming weeks to proactively address these critical vulnerabilities.

For all other clients, if you would like assistance patching an affected Fortinet system, please reach out to Customer Service to have a ticket opened to receive this vital security update.

Systems Engineering's Customer Service can be reached at customerservice@systemsengineering.com or 207.772.4199.