Security News > 2022 > October > Fortinet warns admins to patch critical auth bypass bug immediately

Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability.
"An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests," Fortinet explains in a customer support bulletin issued today.
Fortinet has also emailed customers and advised them to update to the latest available versions immediately.
"Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company warned.
Per today's customer support bulletin, Fortinet released security patches on Thursday, asking customers to update vulnerable devices to FortiOS/FortiProxy versions 7.0.7 or 7.2.2.
News URL
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- ASUS warns of critical auth bypass flaw in routers using AiCloud (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Ivanti warns of critical Neurons for ITSM auth bypass flaw (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE (source)
- Hewlett Packard Enterprise warns of critical StoreOnce auth bypass (source)
- HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass (source)
- Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI (source)
- Critical Fortinet flaws now exploited in Qilin ransomware attacks (source)