Update: Attackers actively exploiting recently disclosed authentication bypass vulnerability in FortiOS, FortiProxy and FortiSwitchManager
Key takeaway: Adversaries can exploit the vulnerability remotely to gain full control of affected systems [297 words]. What: Attackers have begun actively exploiting a critical authentication bypass vulnerability (CVE-2022-40684) that Fortinet privately disclosed last week in its FortiOS, FortiProxy and FortiSwitchManager technologies. The vulnerability allows a remote, unauthenticated attacker to gain full administrative control of […]
Read MoreFortinet warns of critical severity remotely executable authentication bypass vulnerability
Key takeaway: Fortinet products are a popular attacker target. Update now if you have affected versions of FortiOS and FortiProxy in your environment. If you cannot patch immediately disable Internet facing HTTPS Admin till you can.[296 words] What: A critical authentication bypass vulnerability (CVE-2022-40684) exists in the following FortiOS and FortiProxy versions. FortiOS: From 7.0.0 […]
Read More