Remote code execution vulnerability present in Fortinet devices

Australian Cyber Security Centre

Background / What has happened?

An authentication bypass vulnerability (CVE-2022-40684) has been identified in the administrative interface of FortiOS devices in versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1, FortiProxy devices in versions 7.0.0 to 7.0.6 and 7.2.0, as well as FortiSwitchManager in versions 7.0.0 and 7.2.0. This vulnerability may affect FortiGate and FortiWifi products running these versions of FortiOS.

Exploitation of this vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.

The ACSC is not aware of any successful exploitation attempts against Australian organisations.
