Fortinet is warning customers about a serious vulnerability in a number of FortiGate firewalls and FortiProxy Web proxies. The company has released a patch for the bug, which allows attackers to log into an admin account from a remote location.

The bug is tracked as CVE-2022-40684, although no public information has yet been registered on it. Fortinet is aware of the bug and writes on his site that it has released a patch for this, but the company itself does not provide public details about it. The patch was implemented in FortiOS 7.2.2. Also in the official release notes is called the bug with no information.

The hacker known as Gitworm says Fortinet recommends its customers update FortiOS. The vulnerability is in all FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. FortiProxy, a Web proxy tool, is also vulnerable. These include versions 7.0.0 to 7.0.6 and version 7.2.0.

The bug has received a Critical rating, and a CVSS score of 9.6. It involves an authentication bypass for the administrator environment. Attackers can access that environment from a distance without authentication. “Because of the ability to execute this exploit from a distance, Fortinet recommends that all customers with the vulnerable versions upgrade them immediately,” the company writes. Attackers can enter a system by making ‘a specially crafted http or https request. By doing so, they can create a argument injection perform. That is a vulnerability tracked as CW-88. As far as we know, the bug is not being exploited publicly and no proof of concept from.

We have since secured the clients our, should we be able to help your organization with keeping your environment safe, or with patching this bug? Please take a moment contact with us.