Overview 

A critical authentication bypass vulnerability tracked as CVE-2022-40684 exists in FortiGate firewalls and FortiProxy web proxies. According to Fortinet, the vulnerability can allow an attacker to log into the vulnerable devices and perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.  

CVE-2022-40684 impacts the following versions:  

  • FortiOS 
      • From 7.0.0 to 7.0.6 
      • From 7.2.0 to 7.2.1 
  • FortiProxy 
      • From 7.0.0 to 7.0.6 
      • 7.2.0 

Fortinet has since addressed the issue and has released patches in FortiOS and FortiProxy versions 7.0.7 and 7.2.2. This week, Fortinet privately warned its customers about the vulnerability and provided a workaround for those who cannot immediately patch. Although more than 100,000 FortiGate firewalls are reachable from the Internet, it is unknown how many of them expose their management interfaces.  

However, Fortinet advises that all customers running vulnerable versions patch immediately, because CVE-2022-40684 can be exploited remotely. Fortinet stated that it delayed a public statement about the flaw because it wanted to wait until customers had applied the fixes. Fortinet has not commented on whether the vulnerability has been exploited in the wild.  

How Avertium is Protecting Our Customers:

  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
  • Avertium offers VMaaS to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap. 
  • Minimizing the impact of a successful ransomware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 

Avertium's recommendations

Avertium recommends that your organization apply the appropriate patches for CVE-2022-40684.  

If you are unable to patch, Fortinet has issued a workaround:  

  • Limit the IP addresses that can reach the administrative interface using a local-in-policy. This will block remote attackers from bypassing authentication and logging into vulnerable devices.  

Indicators of Compromise (IoCs):

At this time, there are no known IoCs associated with CVE-2022-40684. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.  

Supporting documentation

  • Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy (Security Affairs) 
  • Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy (thehackernews.com) 
  • FortiOS Release Notes | FortiGate / FortiOS 7.0.7 | Fortinet Documentation Library 
  • FortiOS Release Notes | FortiGate / FortiOS 7.2.2 | Fortinet Documentation Library 
  • Release Notes | FortiProxy 7.0.7 | Fortinet Documentation Library 
  • Fortinet warns admins to patch critical auth bypass bug immediately (bleepingcomputer.com) 

Contact us for more information about Avertium’s managed security service capabilities.