FortiOS, FortiProxy, and FortiSwitchManager Vulnerability (CVE-2022-40684)

Fortinet is urging customers to patch their appliances immediately following a recent authentication bypass vulnerability. Security researchers shared a proof of concept exploit and technical root cause analysis. Later the exploit code was released and almost immediately attackers started scanning for unpatched Fortinet devices.. This exploit allows attackers to create malicious administrator accounts on affected devices.

Administrators are urged to patch all devices immediately or disable remote management interfaces. This can be done by disabling the HTTP/HTTPS administrative interface or limiting the IP addresses that can be used to reach the admin interface. If you are unable to patch devices you can use the mitigation measures shared by Fortinet in this security advisory. Lastly, if you want to verify if your devices have been compromised you can check the devices logs for user=” Local_Process_Access”, user_interface=” Node.js”, or user_interface=” Report Runner”.

If your team needs assistance with securing Fortinet technologies or has questions on any cybersecurity topics, please reach out to our team. We’re here to help.

Contact Beringer Today!

Partner with us to ensure your organization’s devices are always secure and compliant with ever-changing security standards. Reach out to Beringer Technology Group today. We can help evaluate your current cybersecurity posture with our Cyber Security Risk Assessment Solution, and implement the right security solutions for your organization.

Beringer Technology Group, a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution also provides expert Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing, Email Security Implementation and Training,  Unified Communication Solutions, and Cybersecurity Risk Assessment.