The second aspect of this vulnerability is that, even if the exploit is successful, the attacker's IP will not be made public. It's important to remember that this vulnerability can still be exploited even if the firewall administrator hasn't generated an API token. Fortinet has privately informed its customers of a security weakness affecting FortiGate firewalls and FortiProxy web proxies that may allow an attacker to carry out unauthorized actions on vulnerable systems. The vulnerability is tracked as CVE-2022-40684 and was given a CVSS rating of 9.6. Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances were found to be vulnerable. CVE-2022-40684 is an authentication bypass vulnerability: a successful exploit can log in as an administrator on the vulnerable system, and the flaw is being actively exploited. Customers of Fortinet who use vulnerable product instances are at great risk because the security flaw is currently being actively used in the wild. Fortinet recently discovered an authentication bypass flaw in its FortiOS, FortiProxy, and FortiSwitchManager appliances. Note this! A brand-new, significant vulnerability is coming.