SECURITY ALERTS

A Vulnerability (CVE-2022-40684) Exists in Fortinet FortiOS, FortiProxy and FortiSwitchManager Allowing for Arbitrary Code Execution

DESCRIPTION:
An authentication bypass using an alternate path or channel vulnerability (CVE-2022-40684) in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

AFFECTED RELEASES:
FortiOS 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1
FortiProxy 7.0.0 to 7.0.6 and 7.2.0
FortiSwitchManager 7.0.0 and 7.2.0

SOLUTION:
1. Users and system administrators of affected products are advised to apply the security updates:
(1) Please upgrade to FortiOS version 7.0.7 or above, or 7.2.2 or above
(2) Please upgrade to FortiProxy version 7.0.7 or above, or 7.2.1 or above
(3) Please upgrade to FortiSwitchManager version 7.2.1 or above
(4) For the FG6000F and 7000E/F series, please upgrade to FortiOS version 7.0.5 B8001 or above
2. If you cannot update to a fixed version, please refer to the "Workaround" section of the Fortinet official advisory and take the actions below:
(1) Disable the HTTP/HTTPS administrative interface
(2) Limit the IP addresses that can reach the administrative interface
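The two workaround actions above, as an added FortiOS CLI example written for this alert (it is not taken from the Fortinet advisory or from this page). It assumes the management interface is named "port1" and that administrators connect from the subnet 10.10.0.0/24; the interface name, subnet and the address-object name "mgmt_admins" are constructed for the example. Check the syntax and the statement order against the "Workaround" section of FG-IR-22-377 before applying it, and apply it from an SSH or console session, because the first block removes web access to the device.

```text
# Option 1: disable the HTTP/HTTPS administrative interface on port1.
# "allowaccess" replaces the existing list, so only the services named
# here stay enabled; http and https are deliberately left out.
config system interface
    edit "port1"
        set allowaccess ping ssh
    next
end

# Option 2: keep HTTPS administration, but only from the trusted
# management subnet. The address object and subnet are constructed
# for this example.
config firewall address
    edit "mgmt_admins"
        set subnet 10.10.0.0 255.255.255.0
    next
end

config firewall local-in-policy
    # policy 1 accepts HTTPS to the device itself from the trusted subnet
    edit 1
        set intf "port1"
        set srcaddr "mgmt_admins"
        set dstaddr "all"
        set service "HTTPS"
        set action accept
        set schedule "always"
        set status enable
    next
    # policy 2 denies HTTPS to the device from every other source;
    # local-in policies are matched top down, so the accept must come first
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS"
        set action deny
        set schedule "always"
        set status enable
    next
end
```

If HTTP administration is also enabled, add the same accept/deny pair for the HTTP service. After applying either option, confirm from an address outside the trusted subnet that the administrative login page no longer answers, and confirm that the SSH path still works before closing the session used to make the change.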


REFERENCE:
1. https://www.fortiguard.com/psirt/FG-IR-22-377
2. https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues
3. https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/289806/resolved-issues
4. https://www.tenable.com/blog/cve-2022-40684-critical-authentication-bypass-in-fortios-and-fortiproxy
5. https://www.helpnetsecurity.com/2022/10/11/cve-2022-40684-exploited/
6. https://www.ithome.com.tw/news/153533