New critical vulnerability impacting Fortinet products

Fortinet's FortiGate firewalls and FortiProxy web proxies are affected by a new critical security flaw that could be exploited to perform arbitrary operations on the device through specially crafted HTTP(S) requests, The Hacker News reports.
The authentication bypass vulnerability, tracked as CVE-2022-40684, affects FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1, as well as FortiProxy versions 7.0.0 to 7.0.6 and 7.2.0, Fortinet said in a private warning sent to customers. The warning also noted that the bug has already been fixed in FortiOS 7.0.7 and 7.2.2 and in FortiProxy 7.0.7 and 7.2.1. Until the upgrades have been performed, users of vulnerable Fortinet systems have been advised to disable internet-facing HTTPS administration or to enforce a "local-in traffic" firewall policy restricting which sources can reach the administrative interface. Fortinet later noted that public disclosure of the flaw has been delayed until its customers have remediated the issue. "There are instances where confidential advance customer communications can include early warning on advisories to enable customers to further strengthen their security posture, which then will be publicly released in the coming days to a broader audience. The security of our customers is our first priority," said Fortinet.
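The affected and fixed builds listed above are the first thing a defender needs to check across a fleet. The following script is an added example, not code from Fortinet or from the article: it encodes the version ranges exactly as the advisory summary states them, parses dotted version strings, and flags which devices in an inventory export need the upgrade. The inventory format (one "host product version" line) and the hostnames are constructed assumptions.

```python
"""Flag FortiOS / FortiProxy builds affected by CVE-2022-40684.

Added example, not from Fortinet or the article. The affected and fixed
versions come from the advisory as quoted in the text; the inventory
format (one "host product version" line) is a constructed assumption.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges (inclusive) and the first fixed build on each branch,
# as stated in the advisory summary.
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 6), (7, 0, 7)),
                ((7, 2, 0), (7, 2, 1), (7, 2, 2))],
    "FortiProxy": [((7, 0, 0), (7, 0, 6), (7, 0, 7)),
                   ((7, 2, 0), (7, 2, 0), (7, 2, 1))],
}


def parse_version(text: str) -> Version:
    """Turn '7.0.6' into (7, 0, 6); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def fixed_version_for(product: str, version: str) -> Optional[str]:
    """Return the first fixed build if (product, version) is affected, else None."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED.get(product, []):
        if low <= v <= high:
            return ".".join(map(str, fixed))
    return None


@dataclass
class Finding:
    host: str
    product: str
    version: str
    upgrade_to: str


def triage_inventory(lines: List[str]) -> List[Finding]:
    """Parse 'host product version' lines and return the affected devices.

    Blank lines and '#' comments are skipped; malformed lines raise so that a
    bad export is noticed rather than silently treated as patched.
    """
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"expected 'host product version': {raw!r}")
        host, product, version = fields
        fixed = fixed_version_for(product, version)
        if fixed is not None:
            findings.append(Finding(host, product, version, fixed))
    return findings


# Constructed sample export; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    "# host        product     version",
    "fw-edge-01    FortiOS     7.0.5",
    "fw-edge-02    FortiOS     7.0.7",   # already on the fixed build
    "fw-dc-01      FortiOS     7.2.1",
    "fw-dc-02      FortiOS     6.4.9",   # outside the affected branches
    "proxy-01      FortiProxy  7.2.0",
    "proxy-02      FortiProxy  7.2.1",   # fixed build
]

if __name__ == "__main__":
    for f in triage_inventory(SAMPLE_INVENTORY):
        print(f"{f.host}: {f.product} {f.version} affected, upgrade to {f.upgrade_to}")
```

Devices the script reports as affected should, until upgraded, have internet-facing HTTPS administration disabled or be protected by the local-in policy the advisory describes; a build outside the listed branches is reported as unaffected only because the advisory does not list it, so keep the table in sync with Fortinet's published guidance.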