Critical vulnerability warning in FortiOS and FortiProxy

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in the FortiOS and FortiProxy products.

FortiOS and FortiProxy are Fortinet products. FortiOS is the operating system used in other Fortinet products; FortiProxy is a web proxy used mainly for URL filtering, threat protection and malware detection. The latest vulnerability is a flaw in the administrative interface that allows an unauthenticated attacker to make changes across the device.

The vulnerability is tracked as CVE-2022-40684 and received a CVSS score of 9.6 (updated from the initially published 9.8).

The following versions are affected by this critical vulnerability:

  • Fortinet FortiOS versions 7.0.0 to 7.0.6 (inclusive)
  • Fortinet FortiOS versions 7.2.0 to 7.2.1 (inclusive)
  • Fortinet FortiProxy versions 7.0.0 to 7.0.6 (inclusive)
  • Fortinet FortiProxy version 7.2.0

Measures

The National Cyber Security Centre SK-CERT recommends that FortiOS and FortiProxy be upgraded immediately to the latest available version, which includes a fix for the vulnerability in question. After the update, and especially if the management interface was reachable from the Internet, change all passwords and encryption keys. Also check your configuration for any new rules that you did not create.
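To make the "check your configuration for any new rules" step concrete, here is an added example that is not part of the SK-CERT advisory and not Fortinet tooling. It parses two FortiOS-style configuration exports, a trusted backup and the current running configuration, and lists entries that were added, removed or changed. The `config` / `edit` / `set` / `next` / `end` layout follows the FortiOS CLI structure; both snapshots are constructed samples, and the `support` admin account and firewall policy 2 are invented to show what an unexpected addition looks like in the report.

```python
"""Diff two FortiOS-style configuration snapshots to spot rules or
accounts that appeared after a suspected compromise.  Added example;
the snapshots below are constructed, not real exports."""
import re
from typing import Dict, List

# Constructed sample: a known-good backup taken before the vulnerable window.
BASELINE = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
end
config firewall policy
    edit 1
        set name "lan-to-wan"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
    next
end
"""

# Constructed sample: the running configuration exported after the upgrade.
CURRENT = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
    edit "support"
        set accprofile "super_admin"
    next
end
config firewall policy
    edit 1
        set name "lan-to-wan"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
    next
    edit 2
        set name "wan-to-lan"
        set srcintf "port1"
        set dstintf "port2"
        set action accept
    next
end
"""

# path such as "firewall policy/2" -> {"name": '"wan-to-lan"', ...}
Table = Dict[str, Dict[str, str]]


def _path(sections: List[str], entries: List[str]) -> str:
    """Build a flat key from the nested section / entry stacks."""
    parts = []
    for section, entry in zip(sections, entries):
        parts.append(section)
        if entry is not None:
            parts.append(entry)
    return "/".join(parts)


def parse_config(text: str) -> Table:
    """Parse the config/edit/set/next/end structure into a flat table.

    Nested 'config' blocks inside an 'edit' are handled with a stack, so
    settings are keyed by their full path (e.g. "firewall policy/1").
    """
    table: Table = {}
    sections: List[str] = []   # open 'config' section names
    entries: List[str] = []    # current 'edit' name per open section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("config "):
            sections.append(line[len("config "):])
            entries.append(None)
        elif line.startswith("edit "):
            entries[-1] = line[len("edit "):].strip('"')
            table.setdefault(_path(sections, entries), {})
        elif line.startswith("set "):
            m = re.match(r"set (\S+)\s*(.*)", line)
            table.setdefault(_path(sections, entries), {})[m.group(1)] = m.group(2)
        elif line == "next":
            entries[-1] = None
        elif line == "end":
            sections.pop()
            entries.pop()
    return table


def diff_config(baseline: Table, current: Table) -> Dict[str, List[str]]:
    """Report entry paths that were added, removed or changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    before, after = parse_config(BASELINE), parse_config(CURRENT)
    for kind, paths in diff_config(before, after).items():
        for path in paths:
            print(f"{kind:8} {path}: {after.get(path, before.get(path))}")
```

In practice the baseline is the backup taken before the affected versions were in service, and every added administrator, trusted host or `accept` policy in the report has to be explained or removed; the same review applies to FortiProxy exports.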

We also strongly recommend that you do not publish management interfaces to the Internet.

We also recommend reviewing logs and looking for non-standard behavior and suspicious patterns that may indicate that the vulnerability has been exploited. If you suspect that this vulnerability has been exploited on your instance of the platform, report the incident to the SK-CERT National Cyber Security Centre at [email protected].
