Rapid 7 - CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too.

On October 3, 2022, Fortinet released a software update that indicates then-current versions of their FortiOS (firewall) and FortiProxy (web proxy) software are vulnerable to CVE-2022-40684, a critical vulnerability that allows remote, unauthenticated attackers to bypass authentication and gain access to the administrative interface of these products with only a specially crafted http/s request.

According to communications from Fortinet that were shared on social media, Fortinet “is strongly recommending all customers with vulnerable versions to perform an immediate upgrade.”

Affected products

  • FortiOS 7.0.0 to 7.0.6
  • FortiOS 7.2.0 to 7.2.1
  • FortiProxy 7.0.0 to 7.0.6 and 7.2.0

Remediation

On Thursday, October 6, 2022, Fortinet released version 7.0.7 and version 7.2.2, which resolve the vulnerability.

Along with Fortinet, Rapid7 strongly recommends that organizations who are running an affected version of the software upgrade to 7.07 or 7.2.2 immediately, on an emergency basis. These products are edge devices, which are high-value and high-focus targets for attackers looking to gain internal network access. While Rapid7 is not currently aware of exploitation in the wild for this vulnerability, using prior FortiOS vulnerabilities as in indicator (such as CVE-2018-13379) we expect attackers to focus on CVE-2022-40684 quickly and for quite some time.

Furthermore, Rapid7 recommends that all high-value edge devices limit public access to any administrative interface.

Rapid7 customers

InsightVM/Nexpose customers: Our researchers are currently working on adding vulnerability check(s).

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.




from Rapid7 Blog https://blog.rapid7.com/2022/10/07/cve-2022-40684-remote-authentication-bypass-vulnerability-in-fortinet-firewalls-web-proxies/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

KnowBe4 - Phishing Campaigns Abuse AI Workflow Automation Platforms

Image
Threat actors are abusing agentic AI automation platforms to deliver malware and send phishing emails, according to researchers at Cisco Talos. The researchers observed attackers using n8n, a legitimate platform that automates workflows in web apps and services like Slack, GitHub, Google Sheets, and others. from Human Risk Management Blog https://blog.knowbe4.com/phishing-campaigns-abuse-ai-workflow-automation-platforms
Read more

The Hacker News - Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps with clusters from The Hacker News https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html
Read more