{"id":26980,"date":"2022-10-13T14:53:34","date_gmt":"2022-10-13T12:53:34","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=26980"},"modified":"2022-10-13T23:23:04","modified_gmt":"2022-10-13T21:23:04","slug":"fortinet-warnung-vor-schwachstelle-cve-2022-40684","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/10\/13\/fortinet-warnung-vor-schwachstelle-cve-2022-40684\/","title":{"rendered":"Fortinet Advisory about an authentication bypass vulnerability CVE-2022-40684"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/10\/13\/fortinet-warnung-vor-schwachstelle-cve-2022-40684\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]There is an authentication bypass vulnerability CVE-2022-40684 in the FortiGate firewalls, FortiProxy web proxies and FortiSwitch Manager (FSWM) that allows attackers to access the products without authentication. Fortinet had already warned in early October 2022 &#8211; but attacks on the systems are probably taking place in the meantime. Administrators should check the affected products for compromise as soon as possible and secure the systems.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg05.met.vgwort.de\/na\/a52cee2a8608485c9fc95c2ea3eb7712\" alt=\"\" width=\"1\" height=\"1\" \/>Fortinet has published the security warning <a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-377\" target=\"_blank\" rel=\"noopener\">FG-IR-22-377<\/a> (FortiOS \/ FortiProxy \/ FortiSwitchManager &#8211; Authentication bypass on administrative interface)\u00a0 on October 10, 2022.<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-40684\" target=\"_blank\" rel=\"noopener\">CVE-2022-40684<\/a> allows authentication bypass using an alternate path or channel. Therefore, in FortiOS, FortiProxy, and FortiSwitchManager, an unauthenticated attacker can succeed in performing operations on the administrative interface via specially crafted HTTP or HTTPS requests. Vulnerable to the vulnerability are firmware versions including:<\/p>\n<ul>\n<li>FortiOS : 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0<\/li>\n<li>FortiProxy : 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0<\/li>\n<li>FortiSwitchManager : 7.2.0, 7.0.0<\/li>\n<\/ul>\n<p>Fortinet is aware of one case where this vulnerability has been exploited and recommends immediately scanning systems for a compromise in the device's logs using the following indicator:<\/p>\n<p>user=\"Local_Process_Access\"<\/p>\n<p>customer support. Firmware updates are available from the vendor to update FortiOS. Subsequent versions eliminate the vulnerability:<\/p>\n<ul>\n<li>FortiOS 7.2.2 or higher<\/li>\n<li>FortiOS 7.0.7 or higher<\/li>\n<li>FortiProxy 7.2.1 or higher<\/li>\n<li>FortiProxy 7.0.7 or higher<\/li>\n<li>FortiSwitchManager 7.2.1 or higher<\/li>\n<\/ul>\n<p>To secure existing systems against such attacks, the vendor recommends disabling the HTTP\/HTTPS management interface. Alternatively, IP addresses with access to the administrative interface should be limited. Details on this can be found in security alert <a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-377\" target=\"_blank\" rel=\"noopener\">FG-IR-22-377<\/a>.<\/p>\n<p><a href=\"https:\/\/twitter.com\/Horizon3Attack\/status\/1580602337064030208\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" title=\"Fortinet CVE-2022-40684\" src=\"https:\/\/i.imgur.com\/9IdK1iV.png\" alt=\"Fortinet CVE-2022-40684\" width=\"592\" height=\"694\" \/><\/a> <strong>Addendum:<\/strong> According to the <a href=\"https:\/\/twitter.com\/Horizon3Attack\/status\/1580602337064030208\" target=\"_blank\" rel=\"noopener\">tweet<\/a> above, Horizon AI has published a detailled analysis of the vulnerability and a Proof of Concept.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]There is an authentication bypass vulnerability CVE-2022-40684 in the FortiGate firewalls, FortiProxy web proxies and FortiSwitch Manager (FSWM) that allows attackers to access the products without authentication. Fortinet had already warned in early October 2022 &#8211; but attacks on the &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/10\/13\/fortinet-warnung-vor-schwachstelle-cve-2022-40684\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-26980","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26980","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=26980"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26980\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=26980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=26980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=26980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}