1. Summary

Vulnerability Name: Fortinet Authentication Bypass Vulnerability (CVE-2022-40684)
Release Time: Oct 11, 2022
Component Name: FortiOS, FortiProxy, FortiSwitchManager
Affected Versions:
  FortiOS version 7.2.0 through 7.2.1
  FortiOS version 7.0.0 through 7.0.6
  FortiProxy version 7.2.0
  FortiProxy version 7.0.0 through 7.0.6
  FortiSwitchManager version 7.0.0
  FortiSwitchManager version 7.2.0
Vulnerability Type: Authentication Bypass
Exploitability: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None
Impact: Severity: CVSS v3 Base Score 9.8 (Critical); Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High

2. About CVE-2022-40684

2.1 Introduction

FortiOS is the operating system that runs on Fortinet's FortiGate next-generation firewalls (NGFW).

FortiProxy is a secure web proxy developed by Fortinet.

FortiSwitchManager is the on-premises management platform for FortiSwitch devices.

2.2 Summary

On October 11, 2022, Sangfor FarSight Labs became aware of a security bulletin published by Fortinet disclosing the Fortinet Authentication Bypass vulnerability (CVE-2022-40684), rated critical with a CVSS score of 9.8.

An authentication bypass using an alternate path or channel in FortiOS, FortiProxy, and FortiSwitchManager allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Fortinet reports that this vulnerability has already been exploited in the wild, specifically to download the configuration file from targeted devices and to add a malicious super_admin account named "fortigate-tech-support".
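The two post-exploitation indicators Fortinet describes (a configuration download and the creation of a super_admin account named "fortigate-tech-support") are the kind of events a defender would hunt for in the device's audit log. The following is an added example, not Sangfor's or Fortinet's code: a small detector that parses key=value audit lines and flags those indicators. The log lines are constructed for the example in a simplified FortiOS-style layout; the field names (user, ui, action, cfgpath, cfgobj, cfgattr, msg) are assumed, so map them to the fields your own log source actually emits before use.

```python
import re
from typing import Dict, List

# Account name that Fortinet reported attackers adding (from the advisory).
SUSPECT_ACCOUNT = "fortigate-tech-support"

# Constructed sample audit lines in a simplified FortiOS-style key=value layout.
# Field names and values are illustrative; they were not captured from a real device.
SAMPLE_LOGS = """\
date=2022-10-11 time=09:14:03 type="event" subtype="system" user="admin" ui="https(10.0.0.5)" action="login" status="success" msg="Administrator admin logged in successfully"
date=2022-10-11 time=09:20:17 type="event" subtype="system" user="admin" ui="https(203.0.113.9)" action="Add" cfgpath="system.admin" cfgobj="fortigate-tech-support" cfgattr="accprofile[super_admin]" msg="Add system.admin fortigate-tech-support"
date=2022-10-11 time=09:21:40 type="event" subtype="system" user="fortigate-tech-support" ui="https(203.0.113.9)" action="download" msg="User fortigate-tech-support downloaded config file via https"
date=2022-10-11 time=10:02:11 type="event" subtype="system" user="admin" ui="https(10.0.0.5)" action="Edit" cfgpath="system.interface" cfgobj="port1" msg="Edit system.interface port1"
date=2022-10-11 time=10:30:55 type="event" subtype="system" user="admin" ui="https(10.0.0.5)" action="Add" cfgpath="system.admin" cfgobj="backup-operator" cfgattr="accprofile[super_admin]" msg="Add system.admin backup-operator"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value audit line into a dict, dropping the quotes around values."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def classify(record: Dict[str, str]) -> List[Dict[str, str]]:
    """Return the detection rules a parsed record triggers, each with a severity."""
    hits: List[Dict[str, str]] = []
    user = record.get("user", "")
    action = record.get("action", "").lower()
    source = record.get("ui", "unknown")

    # Rule 1: an administrator account was created. The reported IoC name is critical;
    # any other new super_admin account is still worth a look.
    if action == "add" and record.get("cfgpath") == "system.admin":
        name = record.get("cfgobj", "")
        if name == SUSPECT_ACCOUNT:
            hits.append({"rule": "ioc_account_created", "severity": "critical",
                         "detail": f"'{name}' created by {user} from {source}"})
        elif "super_admin" in record.get("cfgattr", ""):
            hits.append({"rule": "super_admin_created", "severity": "high",
                         "detail": f"'{name}' created by {user} from {source}"})

    # Rule 2: the device configuration was downloaded.
    if action == "download" and "config" in record.get("msg", "").lower():
        hits.append({"rule": "config_download", "severity": "high",
                     "detail": f"config downloaded by {user} from {source}"})

    # Rule 3: any activity performed by the reported IoC account.
    if user == SUSPECT_ACCOUNT:
        hits.append({"rule": "ioc_account_activity", "severity": "critical",
                     "detail": f"action '{action}' by {user} from {source}"})

    return hits


def scan_logs(text: str) -> List[Dict[str, object]]:
    """Run every rule over every non-empty line and tag findings with the line number."""
    findings: List[Dict[str, object]] = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        for hit in classify(parse_line(line)):
            findings.append({"line": number, **hit})
    return findings


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOGS):
        print(f"line {f['line']}: [{f['severity']}] {f['rule']}: {f['detail']}")
```

The rules deliberately do not stop at the published account name: an attacker can pick any name, so the super_admin creation rule and the config-download rule carry the detection even when the IoC string is absent, and the source interface (ui) lets an analyst see whether the action came from an expected management address.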

3. Affected Versions

FortiOS version 7.2.0 through 7.2.1

FortiOS version 7.0.0 through 7.0.6

FortiProxy version 7.2.0

FortiProxy version 7.0.0 through 7.0.6

FortiSwitchManager version 7.0.0

FortiSwitchManager version 7.2.0

4. Solutions

4.1 Remediation Solutions

Users are advised to upgrade affected products to one of the fixed versions below:

FortiOS version 7.2.2 or above

FortiOS version 7.0.7 or above

FortiOS version 7.0.5 B8001 or above for FG6000F and 7000E/F series platforms

FortiProxy version 7.2.1 or above

FortiProxy version 7.0.7 or above

FortiSwitchManager version 7.2.1 or above

FortiSwitchManager version 7.0.1 or above
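To turn the affected-version list in section 3 and the fixed-version list in section 4.1 into something that can be run against a device inventory, here is an added example (not Sangfor's or Fortinet's code). It encodes the inclusive affected ranges and the minimum fixed release per branch exactly as the advisory lists them, parses version strings such as "v7.0.6" or "7.0.6 build0123", and reports the upgrade target for each affected host. The inventory hostnames and versions are constructed for the example. The special 7.0.5 B8001 build for FG6000F and 7000E/F platforms is not modelled, since it is distinguished by build number rather than release; and a result of "not affected" only means the version is outside the ranges this advisory lists, not that it is free of other issues.

```python
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges (inclusive), copied from section 3 of the advisory.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS": [((7, 2, 0), (7, 2, 1)), ((7, 0, 0), (7, 0, 6))],
    "FortiProxy": [((7, 2, 0), (7, 2, 0)), ((7, 0, 0), (7, 0, 6))],
    "FortiSwitchManager": [((7, 0, 0), (7, 0, 0)), ((7, 2, 0), (7, 2, 0))],
}

# Minimum fixed release per product and (major, minor) branch, from section 4.1.
FIXED: Dict[str, Dict[Tuple[int, int], Version]] = {
    "FortiOS": {(7, 2): (7, 2, 2), (7, 0): (7, 0, 7)},
    "FortiProxy": {(7, 2): (7, 2, 1), (7, 0): (7, 0, 7)},
    "FortiSwitchManager": {(7, 2): (7, 2, 1), (7, 0): (7, 0, 1)},
}


def parse_version(text: str) -> Version:
    """Parse 'v7.0.6', '7.0.6' or '7.0.6 build0123' into a comparable (major, minor, patch) tuple."""
    token = text.strip().lstrip("vV").split()[0]
    parts = token.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def format_version(version: Version) -> str:
    return ".".join(str(n) for n in version)


def assess(product: str, version_text: str) -> Dict[str, object]:
    """Decide whether one product/version pair falls in an affected range and which release fixes it."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product: {product}")
    version = parse_version(version_text)
    affected = any(low <= version <= high for low, high in AFFECTED[product])
    fixed: Optional[Version] = FIXED[product].get(version[:2])
    return {
        "product": product,
        "version": format_version(version),
        "affected": affected,
        "upgrade_to": format_version(fixed) if affected and fixed else None,
    }


# Constructed inventory; hostnames and versions are made up for the example.
INVENTORY: List[Tuple[str, str, str]] = [
    ("fw-edge-01", "FortiOS", "v7.0.6"),
    ("fw-edge-02", "FortiOS", "7.2.2"),
    ("proxy-01", "FortiProxy", "7.0.3"),
    ("fsm-01", "FortiSwitchManager", "7.2.0"),
]


def assess_inventory(inventory: List[Tuple[str, str, str]]) -> List[Dict[str, object]]:
    """Assess every host in an inventory of (hostname, product, version) tuples."""
    return [dict(host=host, **assess(product, version)) for host, product, version in inventory]


if __name__ == "__main__":
    for row in assess_inventory(INVENTORY):
        if row["affected"]:
            status = f"AFFECTED -> upgrade to {row['upgrade_to']}"
        else:
            status = "not in an affected range"
        print(f"{row['host']:12} {row['product']:20} {row['version']:8} {status}")
```

Comparing versions as integer tuples rather than strings is what makes the range check correct ("7.0.10" would sort before "7.0.6" as text), and keying the fix table by branch keeps a 7.0.x device on the 7.0 line instead of pointing it at 7.2.2.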

4.2 Sangfor Solutions

4.2.1 Security Monitoring

The following Sangfor products and services perform real-time monitoring of assets affected by the Fortinet Authentication Bypass vulnerability (CVE-2022-40684):

4.2.2 Security Protection 

The following Sangfor products and services provide protection against the Fortinet Authentication Bypass vulnerability (CVE-2022-40684): 

5. Timeline

On Oct 11, 2022, Sangfor FarSight Labs received a notice about the Fortinet Authentication Bypass vulnerability (CVE-2022-40684).

On Oct 11, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.

6. Reference

https://www.fortiguard.com/psirt/FG-IR-22-377

7. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.
