Security News > 2022 > October > Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug
2022-10-11 06:21
FortiOS version 7.2.0 through 7.2.1.
FortiOS version 7.0.0 through 7.0.6.
FortiProxy version 7.0.0 through 7.0.6.
FortiSwitchManager version 7.2.0, and.
Updates have been released by the security company in FortiOS versions 7.0.7 and 7.2.2, FortiProxy versions 7.0.7 and 7.2.1, and FortiSwitchManager version 7.2.1.
If updating to the latest version isn't an option, it's recommended users disable the HTTP/HTTPS administrative interface, or alternatively limit IP addresses that can access the administrative interface.
News URL
https://thehackernews.com/2022/10/fortinet-warns-of-active-exploitation.html
Related news
- Juniper patches critical auth bypass in Session Smart routers (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- New SuperBlack ransomware exploits Fortinet auth bypass flaws (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical flaw in Next.js lets hackers bypass authorization (source)
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw (source)