Fortinet has identified a critical vulnerability within its FortiGate firewalls and FortiProxy web proxies. Read on to learn if you’re affected and what you need to do to mitigate the threat.
Fortinet has released patches for a critical authentication bypass vulnerability tracked as CVE-2022-40684. This vulnerability can allow threat actors to log into unpatched FortiGate devices.
Fortinet has stressed the importance of patching this vulnerability by stating, “This is a critical vulnerability and should be dealt with the utmost urgency.”
The following versions are affected by CVE-2022-40684:
FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0
Fortinet urges clients on the above versions to update to FortiOS/FortiProxy versions 7.0.7 or 7.2.2 as soon as possible.
For organizations that cannot immediately upgrade, they should limit the IP addresses that can reach the administrative interface using a local-in-policy as a temporary mitigation.
Nuspire has confirmed that none of the devices it directly manages are on the affected versions, thus no action is required. Nuspire also limits the administrative interface using local-in-policy as recommended by security best practices.
If your FortiGate is directly managed by Nuspire, there is no action to take, as the device is not on a vulnerable version.
If you manage your FortiGate, verify the firmware version. If the device is on an affected version as listed above, update your firmware as soon as possible or apply the recommended mitigation until it can be updated, per Fortinet’s guidance.