An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 up to and including 7.2.1 and 7.0.0 up to and including 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 up to and including 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiswitchmanager 7.0.0 |
||
fortinet fortiswitchmanager 7.2.0 |
||
fortinet fortiproxy 7.2.0 |
||
fortinet fortiproxy |
||
fortinet fortios |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Naturally, they're already under attack – so you know what to do next
Security appliance vendor Fortinet has become the subject of a bug report by its own FortiGuard Labs after the discovery of a critical-rated flaw in three of its products. CVE-2022-40684 is rated 9.6/10 on the Common Vulnerability Scoring System (CVSS), meaning it is considered a critical flaw worthy of immediate attention. FortiGuard's advisory explains why the flaw scored so highly, revealing it's an authentication bypass present in FortiOS, FortiProxy, and FortiSwitchManager. FortiOS is the o...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources A huge attack surface for a vulnerability with various PoCs available
The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver's latest data, the number of Fortinet appliances vulnerable to CVE-2024-21762 stands at more than 133,000 – down only slightly from more than 150,000 ten days prior. Fortinet patched CVE-2024-21762 in early February, well over a month ago. It's a 9.6 severity vuln...