Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount
2022-10-14 14:06

Ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet's firewalls and secure web gateways, and soon after exploitation attempts started rising.

" , the Wordfence Threat Intelligence team began tracking exploit attempts targeting CVE-2022-40684 on our network of over 4 million protected websites," Wordfence threat analyst Ram Gall shared.

They have recorded several exploit attempts and requests from over 20 IP addresses, but most of those were attempts to discover whether a Fortinet appliance is in place.

It is unknown who first discovered the existence of CVE-2022-40684, but Fortinet spotted it being exploited in the wild, created patches, and privately urged customers to implement them before going public with the information.

Ai researchers created an exploit after analyzing the differences between the vulnerable and the patched firmware, but refrained from publishing it for a few days, to give admins time to patch or implement workarounds.

Others have released PoCs and, as already noted, exploitation attempts have begun surfacing.


News URL

https://www.helpnetsecurity.com/2022/10/14/cve-2022-40684-exploitation/

Related Vulnerability

Date: 2022-10-18
CVE: CVE-2022-40684
Vulnerability title: Improper Authentication vulnerability in Fortinet FortiOS, FortiProxy and FortiSwitchManager
Description: An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Attack vector: network
Attack complexity: low
Vendor: fortinet
CWE: CWE-287
Risk: critical (9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 169 57 405 185 81 728