Security News > 2022 > October > Fortinet warns admins to patch critical auth bypass bug immediately
Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability.
"An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests," Fortinet explains in a customer support bulletin issued today.
Fortinet has also emailed customers and advised them to update to the latest available versions immediately.
"Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company warned.
Per today's customer support bulletin, Fortinet released security patches on Thursday, asking customers to update vulnerable devices to FortiOS/FortiProxy versions 7.0.7 or 7.2.2.
News URL
Related news
- Fortinet discloses second firewall auth bypass patched in January (source)
- Juniper patches critical auth bypass in Session Smart routers (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- New SuperBlack ransomware exploits Fortinet auth bypass flaws (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical flaw in Next.js lets hackers bypass authorization (source)