
Remote code execution vulnerability present in Fortinet devices

A vulnerability (CVE-2022-40684) has been identified in several Fortinet products running certain versions from 7.0.0 onwards that could allow a malicious cyber actor to bypass authentication and perform unauthorised actions. Affected Australian organisations should apply the available patch and follow Fortinet’s mitigation advice.

Alert status
CRITICAL

Background / What has happened?

An authentication bypass vulnerability (CVE-2022-40684) has been identified in the administrative interface of FortiOS devices in versions 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1, FortiProxy devices in versions 7.0.0 to 7.0.6 and 7.2.0, as well as FortiSwitchManager in versions 7.0.0 and 7.2.0. This vulnerability may affect FortiGate and FortiWifi products running these versions of FortiOS.

Exploitation of this vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.

The ACSC is not aware of any successful exploitation attempts against Australian organisations.

Further information on this vulnerability, including mitigations and recommendations, is available in Fortinet’s security advisory.

Mitigation / How do I stay secure?

Australian organisations that use FortiOS devices in versions 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1, FortiProxy devices in versions 7.0.0 to 7.0.6 and 7.2.0, and FortiSwitchManager versions 7.0.0 and 7.2.0 should review their patch status and update to the latest version.

Australian organisations that are unable to update should disable the HTTP/HTTPS administrative interface or consider limiting IP addresses that can reach the administrative interface using the local-in-policy as described in the Fortinet advisory.
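The two interim mitigations above, shown as FortiOS CLI configuration. This is an added illustration, not text from this alert or from Fortinet's advisory: the interface name "wan1", the management subnet 203.0.113.0/24 and the object names are constructed placeholders, and the comment lines are explanatory only.

```fortios
# Added example: interim hardening of the FortiOS administrative interface.
# "wan1", 203.0.113.0/24 and the object names below are constructed placeholders.

# 1. Weak state: HTTP and HTTPS administration reachable on an internet-facing interface.
config system interface
    edit "wan1"
        set allowaccess ping https ssh http
    next
end

# 2. Mitigation (a): remove the HTTP/HTTPS administrative interface from that interface.
config system interface
    edit "wan1"
        set allowaccess ping ssh
    next
end

# 3. Mitigation (b): keep HTTPS administration, but only from known management addresses.
config firewall address
    edit "mgmt_hosts"
        set subnet 203.0.113.0 255.255.255.0
    next
end

# local-in-policy entries are evaluated in order: allow the management subnet first,
# then deny HTTP/HTTPS to the device itself from every other source on that interface.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "mgmt_hosts"
        set dstaddr "all"
        set service "HTTPS" "HTTP"
        set schedule "always"
        set action accept
        set status enable
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "HTTP"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

Repeat the local-in-policy pair for every interface on which administration is enabled, and confirm the result with show firewall local-in-policy. These settings reduce exposure while a device remains on an affected version; they are not a substitute for the update, and get system status can be used afterwards to confirm the running version is no longer in the affected ranges listed above.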

Assistance / Where can I go for help?

The ACSC is monitoring the situation and can provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.
