Security Alert: Critical Vulnerability Discovered in Fortinet Products
Fortinet has issued a private alert regarding a serious security vulnerability affecting its FortiGate firewalls and FortiProxy web proxies. This issue has the potential to enable unauthorized actions on vulnerable devices, raising significant concerns for businesses relying on these solutions.
The vulnerability, tracked as CVE-2022-40684, has been assigned a critical CVSS score of 9.6. It pertains to an authentication bypass security flaw that could allow unauthenticated attackers to execute arbitrary commands on the administrative interface by crafting specific HTTP(S) requests. The implications of such unauthorized access could be extensive, posing risks to the integrity and confidentiality of sensitive data stored within these systems.
Affected versions of FortiOS include any from 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1, while FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0 are similarly impacted. Fortinet has moved swiftly to address the issue, providing updates in FortiOS versions 7.0.7 and 7.2.2, as well as FortiProxy versions 7.0.7 and 7.2.1, released within the same week.
In light of the remote exploitation potential, Fortinet has strongly urged customers to upgrade their systems immediately to mitigate this vulnerability. As a precautionary measure, users are advised to disable internet-facing HTTPS administration until the necessary upgrades are completed. Alternatively, enforcing firewall policies to restrict “local-in traffic” is recommended as an interim solution.
When approached for comments, Fortinet confirmed the advisory and indicated that public disclosure would be withheld until affected customers have implemented the available fixes. The company emphasized that clear communication is essential to ensuring customer safety and enhancing their security posture during this critical time.
In this incident, several tactics from the MITRE ATT&CK framework appear relevant. Initial access through exploitation of an external network can be inferred, given the potential for unauthorized commands. Additionally, methods corresponding to privilege escalation may be utilized as attackers gain increased control over the system through the exploited vulnerability.
As the cybersecurity landscape continues to evolve, prompt action and adherence to recommended security protocols become indispensable for business owners. Vigilance against emerging threats is crucial in safeguarding organizational assets and data integrity.