Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Fortinet Products
Alerts

Critical Vulnerability in Fortinet Products

10 October 2022

Fortinet has released security updates to address a critical vulnerability (CVE-2022-40684) in FortiOS and FortiProxy.

Successful exploitation of the vulnerability could allow a remote, unauthenticated attacker to perform operations on the administrative interface to bypass authentication via specially crafted HTTP requests.

The vulnerability affects the following products:
• FortiOS versions 7.2.0 to 7.2.1, and 7.0.0 to 7.0.6
• FortiProxy versions 7.0.0 to 7.0.6, and 7.2.0

Administrators and users of affected products are advised to upgrade to the latest versions immediately.

More information is available here:

https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues

https://www.bleepingcomputer.com/news/security/fortinet-warns-admins-to-patch-critical-auth-bypass-bug-immediately/

Back to top