Security News

Proof-of-concept exploit code is now available for a critical authentication bypass vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances.Ai security researchers released a proof-of-concept exploit and a technical root cause analysis for this vulnerability today, following an announcement that a CVE-2022-40684 PoC will be made available this week.

The massive shift from working in an office to working at home has highlighted many security and connectivity challenges. It's critical for organizations to enable secure access from anywhere to any application - while applying consistent security policies.

The way people work has fundamentally evolved, and organizations need to be able to keep workers productive from multiple locations. They need to make it possible for employees to work safely and securely whether they are located in the office, at home, or on the road. The Fortinet Security Fabric platform delivers endpoint, network, and remote access security that is required for employees to work from anywhere.

Upgrade FortiOS version 7.2.0 through 7.2.1 to version 7.2.2. Upgrade FortiOS version 7.0.0 through 7.0.6 to version 7.0.7 or above.

FortiOS version 7.2.0 through 7.2.1. FortiOS version 7.0.0 through 7.0.6.

Fortinet has confirmed today that a critical authentication bypass security vulnerability patched last week is being exploited in the wild. The security flaw is an auth bypass on the administrative interface that enables remote threat actors to log into FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager on-premise management instances.

Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. The issue impacts the following versions, and has been addressed in FortiOS versions 7.0.7 and 7.2.2, and FortiProxy version 7.0.7 released this week -.

Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability."An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests," Fortinet explains in a customer support bulletin issued today.

Organizations continue to shift workloads to the cloud at a rapid pace to achieve faster time to market, increased responsiveness, and cost reductions. With the majority of organizations expected to have more than half their workloads in the cloud within the next 12-18 months, it is no surprise that cloud security continues to remain a top concern.

The Fortinet Security Fabric delivers the broad, integrated, and automated capabilities needed to make a cybersecurity mesh architecture a reality. The industry's highest-performing cybersecurity mesh platform reduces complexity, streamlines operations, and increases threat detection and response capabilities to empower organizations to accelerate secured digital acceleration outcomes.