Fortinet Advisory about an authentication bypass vulnerability CVE-2022-40684

Posted on 2022-10-13 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]There is an authentication bypass vulnerability CVE-2022-40684 in the FortiGate firewalls, FortiProxy web proxies and FortiSwitch Manager (FSWM) that allows attackers to access the products without authentication. Fortinet had already warned in early October 2022 – but attacks on the systems are probably taking place in the meantime. Administrators should check the affected products for compromise as soon as possible and secure the systems.

Advertising

Fortinet has published the security warning FG-IR-22-377 (FortiOS / FortiProxy / FortiSwitchManager – Authentication bypass on administrative interface)  on October 10, 2022.CVE-2022-40684 allows authentication bypass using an alternate path or channel. Therefore, in FortiOS, FortiProxy, and FortiSwitchManager, an unauthenticated attacker can succeed in performing operations on the administrative interface via specially crafted HTTP or HTTPS requests. Vulnerable to the vulnerability are firmware versions including:

  • FortiOS : 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
  • FortiProxy : 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
  • FortiSwitchManager : 7.2.0, 7.0.0

Fortinet is aware of one case where this vulnerability has been exploited and recommends immediately scanning systems for a compromise in the device's logs using the following indicator:

user="Local_Process_Access"

customer support. Firmware updates are available from the vendor to update FortiOS. Subsequent versions eliminate the vulnerability:

  • FortiOS 7.2.2 or higher
  • FortiOS 7.0.7 or higher
  • FortiProxy 7.2.1 or higher
  • FortiProxy 7.0.7 or higher
  • FortiSwitchManager 7.2.1 or higher

To secure existing systems against such attacks, the vendor recommends disabling the HTTP/HTTPS management interface. Alternatively, IP addresses with access to the administrative interface should be limited. Details on this can be found in security alert FG-IR-22-377.

Advertising

Fortinet CVE-2022-40684 Addendum: According to the tweet above, Horizon AI has published a detailled analysis of the vulnerability and a Proof of Concept.

Cookies helps to fund this blog: Cookie settings
Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *