Fortinet Authentication bypass on administrative interface - Vulnerability Database

Fortinet Authentication bypass on administrative interface

Description

Fortinet products FortiOS, FortiProxy, FortiSwitchManager are vulnerable to an authentication bypass vulnerability that allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

The flaw affects the following versions:

FortiOS version 7.2.0 through 7.2.1

FortiOS version 7.0.0 through 7.0.6

FortiProxy version 7.2.0

FortiProxy version 7.0.0 through 7.0.6

FortiSwitchManager version 7.2.0

FortiSwitchManager version 7.0.0

Remediation

Please upgrade to FortiOS version 7.2.2 or above Please upgrade to FortiOS version 7.0.7 or above Please upgrade to FortiProxy version 7.2.1 or above Please upgrade to FortiProxy version 7.0.7 or above Please upgrade to FortiSwitchManager version 7.2.1 or above

References

FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface

FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)

Related Vulnerabilities

Severity

High

Classification

CVE-2022-40684

CWE-288

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N