Critical vulnerability in FortiGate firewalls and FortiProxy web proxies allows remote threat actors to take control of the management interface

Administrators of FortiGate firewalls and FortiProxy web proxies have been advised by Fortinet to upgrade to the most recent versions, which fix a critical-severity flaw.

An authentication-bypass flaw in the administrative interface (tracked as CVE-2022-40684) could allow remote attackers to log in to unpatched systems.

CVE-2022-40684 is a major authentication-bypass vulnerability with a CVSSv3 score of 9.6. An attacker able to reach the administrative interface could perform administrator operations by sending specially crafted HTTP or HTTPS requests to a vulnerable device.

There is no information at this time on whether attackers have exploited this vulnerability. However, Fortinet’s advice to fix it “with the utmost urgency” is prudent given threat actors’ propensity to target FortiOS vulnerabilities.

Mitigation
Fortinet’s customer communications, which have since been made public on Twitter, list the following vulnerable and patched version numbers:

According to Fortinet, if you are unable to apply the patches right away, you can restrict access to the management interface with a local-in policy. In its FortiGate Hardening Guide, Fortinet also provides instructions for limiting administrative access to trusted hosts and for disabling administrative access on internet-facing interfaces.
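The following FortiOS CLI fragment is an added example of the workarounds described above, written for this article and not taken from Fortinet’s advisory or hardening guide. The interface name `wan1`, the management subnet `10.0.10.0/24`, the address-object name `mgmt_trusted`, the admin account name `admin` and the policy IDs are constructed placeholders; adjust them to the deployment. Policy 1 admits HTTPS and SSH to the device only from the trusted subnet, policy 2 drops the same services from everywhere else, the trusted-host setting narrows the admin account further, and the last block removes HTTPS and SSH from the `allowaccess` list of the internet-facing interface.

```fortios
# Address object for the hosts allowed to manage the device (constructed subnet)
config firewall address
    edit "mgmt_trusted"
        set subnet 10.0.10.0 255.255.255.0
    next
end

# Local-in policies: traffic destined for the FortiGate itself
config firewall local-in-policy
    # 1. Accept management protocols only from the trusted subnet
    edit 1
        set intf "wan1"
        set srcaddr "mgmt_trusted"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "SSH"
        set schedule "always"
    next
    # 2. Deny the same services from any other source
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "HTTPS" "SSH"
        set schedule "always"
    next
end

# Trusted hosts: the admin account may only log in from this subnet,
# regardless of which interface the request arrives on
config system admin
    edit "admin"
        set trusthost1 10.0.10.0 255.255.255.0
    next
end

# Internet-facing interface: keep ping for monitoring but remove HTTPS and SSH,
# so no administrative service is exposed on it at all
config system interface
    edit "wan1"
        set allowaccess ping
    next
end
```

Local-in policies are evaluated in order, so the accept rule must carry the lower ID; after applying the change, confirm from a host outside the trusted subnet that the management ports no longer answer, and from inside it that they still do.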