Attackers can bypass authentication on Fortinet firewalls and perform actions as admin – true admins should patch quickly.
The firewall manufacturer Fortinet warns its customers about a vulnerability in FortiOS and FortiProxy that can be exploited remotely. Anyone who cannot import the updates provided should also restrict access to the admin interface.
Authentication can be bypassed
Fortinet firewalls and proxies hide a serious security bug that remote attackers can exploit. The vulnerability provided with the CVE-ID CVE-2022-40684 allows bypassing the authentication on the admin interface of the affected products. Specially prepared HTTP(S) requests can then be used to carry out actions that are actually reserved for the administrator. Fortinet classifies the as critical and assigns a CVSS score of 9.6/10.
As the Internet Storm Center writes in its warning, Fortinet first alerted its customers to the vulnerability in a message classified as confidential – but the advisory immediately ended up on social networks.
According to Fortinet, not all versions of FortiOS and FortiProxy are affected. FortiOS between versions 7.0.0 and 7.0.6 and 7.2.0 and 7.2.1 is vulnerable, as is FortiProxy between 7.0.0 and 7.0.6 and version 7.2.0. Older versions do not contain the vulnerability.
Fortinet usually releases updates monthly as part of a patch day. Fortinet fixed several security vulnerabilities in July.
However, those who administer a Fortinet product should not wait for the October patch day. The vulnerability is fixed in FortiOS 7.0.7, 7.2.2, in FortiProxy 7.0.7 and 7.2.1 and in all newer versions. If an update is not possible at short notice, admins can import a workaround, which Fortinet describes to its paying customers in the support document CSB-221006-1.
(tw)
