Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in Fortinet Products

10 October 2022

Fortinet has released security updates to address a critical vulnerability (CVE-2022-40684) in FortiOS and FortiProxy.

Successful exploitation of the vulnerability could allow a remote, unauthenticated attacker to perform operations on the administrative interface to bypass authentication via specially crafted HTTP requests.

The vulnerability affects the following products:
• FortiOS versions 7.2.0 to 7.2.1, and 7.0.0 to 7.0.6
• FortiProxy versions 7.0.0 to 7.0.6, and 7.2.0

Administrators and users of affected products are advised to upgrade to the latest versions immediately.

More information is available here:

https://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues

https://www.bleepingcomputer.com/news/security/fortinet-warns-admins-to-patch-critical-auth-bypass-bug-immediately/

Back to top