Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln

The bug is under active exploitation; Fortinet issued a customer advisory urging customers to apply its update immediately.

UPDATE
A Fortinet bug disclosed last week is now under active exploitation.
Fortinet on Friday warned that users of its FortGate firewall and FortiProxy Web proxies should apply the latest updates to their products ASAP due to a critical vulnerability that could allow an attacker to bypass authentication to the products administration interfaces.
On Monday, the security firm updated the advisory to note that its now aware of instances of the bug being exploited in the wild.
An exploit would in effect give an attacker administrative control of the network devices. The flaw,
CVE-2022-40684
, affects FortiOS versions 7.0.0 to 7.06 and 7.20 to 7.2.1, and FortiProxy versions 7.0.0 to 7.0.6 and 7.2.0, and could allow an attacker to use specially crafted HTTP or HTTPS requests to execute admin operations, according to Fortinet.
Due to the ability to exploit this issue remotely Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade, Fortinet said
in its advisory
, which was cited on Twitter.
SANS Internet Storm Center (ISC), which reported the advisory, provided additional advice: If you have Fortinet products managed by a 3rd party, we also recommended you to cross-check with them to ensure the upgrade will be performed, SANS Interior Storm Center handler Xavier Mertens said in
a post in the ISC Diary
.
“We are committed to the security of our customers. Fortinet recently distributed a PSIRT advisory (
FG-IR-22-377
) that details mitigation guidance for customers and recommended next steps, according to a Fortinet media statement. We continue to monitor the situation and have been proactively communicating to customers, strongly urging them to immediately follow the guidance provided in connection with CVE-2022-40684.”
This article was updated at 2 p.m. on Oct. 10 to include information on the bugs active exploitation in the wild, and at 11 a.m. Oct. 11 to include Fortinets media statement.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln