Security News > 2022 > October > Fortinet warns admins to patch critical auth bypass bug immediately
Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability.
"An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests," Fortinet explains in a customer support bulletin issued today.
Fortinet has also emailed customers and advised them to update to the latest available versions immediately.
"Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company warned.
Per today's customer support bulletin, Fortinet released security patches on Thursday, asking customers to update vulnerable devices to FortiOS/FortiProxy versions 7.0.7 or 7.2.2.
News URL
Related news
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (source)
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- Hackers target new MOVEit Transfer critical auth bypass bug (source)
- GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others (source)
- Critical Windows licensing bugs, plus two others under attack, top Patch Tuesday (source)
- Netgear warns users to patch auth bypass, XSS router flaws (source)