• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
fortinet warns of active exploitation of newly discovered critical auth

Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

You are here: Home / General Cyber Security News / Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug
October 11, 2022

Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy items is being actively exploited in the wild.

Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could let a remote attacker to carry out unauthorized operations on the administrative interface by means of specifically crafted HTTP(S) requests.

“Fortinet is conscious of an instance in which this vulnerability was exploited, and endorses instantly validating your programs from the following indicator of compromise in the device’s logs: user=”Local_Course of action_Accessibility,”” the business mentioned in an advisory.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


CyberSecurity

The checklist of impacted products is beneath –

  • FortiOS variation 7.2. by way of 7.2.1
  • FortiOS edition 7.. by 7..6
  • FortiProxy version 7.2.
  • FortiProxy variation 7.. by means of 7..6
  • FortiSwitchManager version 7.2., and
  • FortiSwitchManager model 7..

Updates have been launched by the security company in FortiOS variations 7..7 and 7.2.2, FortiProxy variations 7..7 and 7.2.1, and FortiSwitchManager variation 7.2.1.

CyberSecurity

The disclosure will come days right after Fortinet despatched “private advance customer communications” to its shopper to apply patches to mitigate possible attacks exploiting the flaw.

If updating to the newest model isn’t an option, it really is suggested consumers disable the HTTP/HTTPS administrative interface, or alternatively limit IP addresses that can accessibility the administrative interface.

Discovered this write-up appealing? Comply with THN on Facebook, Twitter  and LinkedIn to examine additional unique material we put up.


Some parts of this posting are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Ukraine Enhances Cooperation With EU Cybersecurity Agencies
Next Post: Pro-Russian Group KillNet Claims Responsibility for 14 US Airport DDoS Attacks Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.