Authentication bypass using an alternate path or channel in FortiOS and FortiProxy

#VU68070 Authentication bypass using an alternate path or channel in FortiOS and FortiProxy

Published: 2022-10-13 | Updated: 2023-02-28

Vulnerability identifier: #VU68070

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-40684

CWE-ID: CWE-288

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
FortiOS
Operating systems & Components / Operating system
FortiProxy
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to missing authentication within the administrative web interface. A remote non-authenticated attacker can bypass authentication and compromise the affected device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FortiOS: 7.2.0 - 7.2.1, 7.0.0 - 7.0.6

FortiProxy: 7.2.0, 7.0.0 - 7.0.6

External links
http://twitter.com/Gi7w0rm/status/1578299492822003712
http://docs.fortinet.com/document/fortigate/7.0.7/fortios-release-notes/289806/resolved-issues

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Authentication bypass in Fortinet FortiSwitch Manager

Authentication bypass in Fortinet FortiGate and FortiProxy