Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount
Ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet's firewalls and secure web gateways, and exploitation attempts started rising soon after.
" , the Wordfence Threat Intelligence team began tracking exploit attempts targeting CVE-2022-40684 on our network of over 4 million protected websites," Wordfence threat analyst Ram Gall shared.
They have recorded several exploit attempts and requests from over 20 IP addresses, but most of those were attempts to discover whether a Fortinet appliance is in place.
It is unknown who first discovered the existence of CVE-2022-40684, but Fortinet spotted it being exploited in the wild, created patches, and privately urged customers to implement them before going public with the information.
Ai researchers created an exploit after analyzing the differences between the vulnerable and the patched firmware, but refrained from publishing it for a few days, to give admins time to patch or implement workarounds.
Others have released PoCs and, as already noted, exploitation attempts have begun surfacing.
News URL
https://www.helpnetsecurity.com/2022/10/14/cve-2022-40684-exploitation/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-18 | CVE-2022-40684 | Improper Authentication vulnerability in Fortinet FortiOS, FortiProxy and FortiSwitchManager: An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. | 9.8 |