Fortinet software authentication bypass vulnerability

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates to be notified as soon as we publish an advisory.

9:35am, 11 October 2022

TLP Rating: Clear

Fortinet software authentication bypass vulnerability

A vulnerability has been discovered that affects FortiOS and FortiProxy. FortiGate and FortiWifi devices run FortiOS and are affected.

This vulnerability (CVE-2022-40684) allows for an attacker to bypass authentication to the administrative interface and may allow them to run commands remotely.

CERT NZ is aware of an open-source report that exploitation has occurred in the wild. We strongly recommend you investigate and patch your FortiOS and FortiProxy products as soon as possible.

What to look for

How to tell if you're at risk

FortiGate/FortiWifi devices running FortiOS and FortiProxy products are vulnerable if they are running:

  • FortiOS versions 7.2.0 through to 7.2.1
  • FortiOS versions 7.0.0 through to 7.0.6
  • FortiProxy version 7.2.0
  • FortiProxy versions 7.0.0 through to 7.0.6

If you only have SSL-VPN exposed, this vulnerability does not affect you.

How to tell if you're affected

CERT NZ recommends checking through your devices’ logs for the following indicator of compromise:

user="Local_Process_Access"

What to do

Prevention

Upgrade your FortiOS and FortiProxy products to the latest version:

  • Either FortiOS version 7.2.2 or 7.0.7
  • Either FortiProxy version 7.2.1 or 7.0.7

Mitigation

For alternative mitigations, CERT NZ recommends disabling HTTPS Administration on interfaces that are exposed to the internet and only allowing HTTPS Administration on a dedicated management network.

More information

Fortinet has published further details:

PSIRT Advisories | FortiGuard (fortinet.com) External Link .

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ External Link