CURRENT ACTIVITIES
Threat actors exploiting authentication bypass vulnerability in Fortinet Products
Indian - Computer Emergency Response Team (cert-in.org.in)
It is reported that threat actors are actively exploiting an authentication bypass vulnerability in Fortinet products. The vulnerability allows an attacker to gain access to the administrative interface and perform actions via a specially crafted request.
Software Affected
FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1
FortiProxy versions 7.0.0 to 7.0.6 and 7.2.0
FortiSwitchManager versions 7.2.0 and 7.0.0
Description
This vulnerability exists in FortiOS, FortiProxy and FortiSwitchManager due to an authentication error. An attacker could exploit this vulnerability by sending a specially crafted HTTP/HTTPS request to the target and adding an SSH key to the admin user. The attacker can then SSH into the affected system as admin.
Successful exploitation of this vulnerability could allow the attacker to bypass security restrictions and gain complete access to the target system.
Note: This vulnerability is being exploited in the wild on systems where the patches have not been applied.
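A defender's check for the SSH key added to the admin user, as described above. This is an added example, not part of the original advisory: it parses a FortiOS configuration backup and reports every `ssh-public-key1` to `ssh-public-key3` entry on an administrator account whose key is not on an allowlist. The sample configuration, the key material and the `APPROVED_KEYS` allowlist are constructed for illustration.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set ssh-public-key1 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCapproved ops@example.org"
        set ssh-public-key2 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCunknown"
    next
    edit "auditor"
        set accprofile "read_only"
    next
end
config system global
    set hostname "fw-constructed"
end
"""

# Assumption: the key blobs your team provisioned on purpose (constructed value).
APPROVED_KEYS = {"AAAAB3NzaC1yc2EAAAADAQABAAABAQCapproved"}

# Matches: set ssh-public-keyN "<key-type> <base64-blob> [comment]"
KEY_LINE = re.compile(r'set (ssh-public-key[1-3]) "(\S+) ([^\s"]+)')

def unexpected_admin_keys(config_text, approved):
    """Return (admin, slot, key_blob) for each admin SSH key not in `approved`."""
    findings, depth, admin = [], 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config system admin":
                depth = 1
        elif line.startswith("config "):
            depth += 1  # nested block inside an admin entry
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            admin = line[5:].strip('"')
        elif depth == 1 and line == "next":
            admin = None
        elif depth == 1 and admin:
            m = KEY_LINE.match(line)
            if m and m.group(3) not in approved:
                findings.append((admin, m.group(1), m.group(3)))
    return findings

if __name__ == "__main__":
    for admin, slot, blob in unexpected_admin_keys(SAMPLE_CONFIG, APPROVED_KEYS):
        print(f"unexpected key on {admin} ({slot}): {blob[:24]}...")
```

Any finding on a device that ran an affected version should be treated as a possible compromise and investigated, not just deleted.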
Solution
Upgrade to the latest versions of FortiOS, FortiProxy and FortiSwitchManager as mentioned in the vendor advisory:
Vendor Information
FortiGuard
Reference
CVE Name
CVE-2022-40684