PT-2022-4986 · Fortinet · FortiOS +2

Published: 2022-10-07 · Updated: 2025-11-17 · CVE-2022-40684

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FortiOS versions 7.0.0 through 7.0.6
FortiOS versions 7.2.0 through 7.2.1
FortiProxy versions 7.0.0 through 7.0.6
FortiProxy version 7.2.0
FortiSwitchManager version 7.0.0
FortiSwitchManager version 7.2.0
Description
An authentication bypass using an alternate path or channel in Fortinet products allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. The estimated number of potentially affected devices worldwide is around 15,000. This issue has been exploited in real-world incidents, with attackers downloading configuration files and adding malicious super admin accounts. Administrative activity recorded in device logs with the indicator user="Local Process Access" may signify a compromise.
Recommendations
FortiOS versions 7.0.0 through 7.0.6: Disable the HTTP/HTTPS administrative interface or limit the IP addresses that can reach the administrative interface.
FortiOS versions 7.2.0 through 7.2.1: Disable the HTTP/HTTPS administrative interface or limit the IP addresses that can reach the administrative interface.
FortiProxy versions 7.0.0 through 7.0.6: Disable the HTTP/HTTPS administrative interface or limit the IP addresses that can reach the administrative interface (version 7.0.6).
FortiProxy version 7.2.0: Disable the HTTP/HTTPS administrative interface.
FortiSwitchManager version 7.0.0: Disable the HTTP/HTTPS administrative interface.
FortiSwitchManager version 7.2.0: Disable the HTTP/HTTPS administrative interface.

Exploit

Fix

Weakness Enumeration

Improper Authentication
Improper Authorization

Related Identifiers

BDU:2022-06189
CVE-2022-40684

Affected Products

FortiOS
FortiProxy
FortiSwitchManager