Fortinet urges admins to patch bug with public exploit immediately
Fortinet urges customers to urgently patch their appliances against a critical authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager that is being exploited in attacks.
The company released security updates to address the flaw last week and, in private alerts, also advised customers to disable remote management user interfaces on affected devices "with the utmost urgency" to block attacks if they can't immediately patch.
On Friday, after exploit code was publicly released, Fortinet issued a public warning asking customers to patch this actively exploited security flaw urgently.
Attackers started scanning for unpatched Fortinet devices as soon as the initial confidential notification was sent to customers on October 6, with Fortinet saying that it detected threat actors exploiting the vulnerability to create malicious administrator accounts.
Cybersecurity companies GreyNoise and Bad Packets confirmed Fortinet's findings after sharing that they've also detected attackers scanning for and attempting to exploit CVE-2022-40684 in the wild.
CISA also added CVE-2022-40684 on Tuesday to its list of security bugs exploited in attacks, requiring all Federal Civilian Executive Branch agencies to patch Fortinet devices on their networks by November 1st. Admins who can't immediately apply patches or disable vulnerable appliances can also use the mitigation measures shared by Fortinet in its security advisory to ensure that they aren't compromised.
Related news
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-18 | CVE-2022-40684 | Improper Authentication vulnerability in Fortinet FortiOS, FortiProxy and FortiSwitchManager. An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. | 9.8 |