Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln

Published: 23/11/2024   Category: security




The bug is under active exploitation; Fortinet issued a customer advisory urging customers to apply its update immediately.



UPDATE
A Fortinet bug disclosed last week is now under active exploitation. 
Fortinet on Friday warned that users of its FortiGate firewalls and FortiProxy Web proxies should apply the latest updates to their products ASAP due to a critical vulnerability that could allow an attacker to bypass authentication to the products' administration interfaces.
On Monday, the security firm updated the advisory to note that it's now aware of instances of the bug being exploited in the wild.
An exploit would in effect give an attacker administrative control of the network devices. The flaw, CVE-2022-40684, affects FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1, and FortiProxy versions 7.0.0 to 7.0.6 and 7.2.0, and could allow an attacker to use specially crafted HTTP or HTTPS requests to execute admin operations, according to Fortinet.
“Due to the ability to exploit this issue remotely Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade,” Fortinet said in its advisory, which was cited on Twitter.
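For triaging a device inventory against the affected version ranges listed above, the following is an added example (not from Fortinet or the original article). The inventory layout, hostnames and build strings are constructed for illustration, and "not-affected" means only that the version falls outside the ranges this article lists.

```python
import re

# Affected ranges for CVE-2022-40684 as listed in the article (inclusive).
AFFECTED = {
    "fortios": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "fortiproxy": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings like 'v7.0.6,build0366', or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(product, version_text):
    """Return 'affected', 'not-affected' or 'unknown' for one device."""
    ranges = AFFECTED.get(product.strip().lower())
    version = parse_version(version_text)
    if ranges is None or version is None:
        return "unknown"  # unrecognised product or unparseable version: check by hand
    hit = any(low <= version <= high for low, high in ranges)
    return "affected" if hit else "not-affected"


def triage(inventory):
    """Group device names by status; inventory rows are (name, product, version)."""
    report = {"affected": [], "not-affected": [], "unknown": []}
    for name, product, version_text in inventory:
        report[classify(product, version_text)].append(name)
    return report


# Constructed sample inventory (hostnames and build strings are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.0.6,build0366"),
    ("fw-edge-02", "FortiOS", "v7.0.7,build0367"),
    ("fw-branch-03", "FortiOS", "7.2.1"),
    ("fw-lab-04", "FortiOS", "v6.4.10"),
    ("proxy-01", "FortiProxy", "7.2.0"),
    ("proxy-02", "FortiProxy", "7.2.1"),
    ("fw-msp-05", "FortiOS", "managed by provider"),
]

if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Devices reported as "unknown" are the ones to raise with whoever manages them, since their version could not be determined from the inventory.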
SANS Internet Storm Center (ISC), which reported the advisory, provided additional advice: “If you have Fortinet products managed by a 3rd party, we also recommended you to cross-check with them to ensure the upgrade will be performed,” SANS Internet Storm Center handler Xavier Mertens said in a post in the ISC Diary.
“We are committed to the security of our customers. Fortinet recently distributed a PSIRT advisory (FG-IR-22-377) that details mitigation guidance for customers and recommended next steps,” according to a Fortinet media statement. “We continue to monitor the situation and have been proactively communicating to customers, strongly urging them to immediately follow the guidance provided in connection with CVE-2022-40684.”
This article was updated at 2 p.m. on Oct. 10 to include information on the bug's active exploitation in the wild, and at 11 a.m. Oct. 11 to include Fortinet's media statement.
