Background / What has happened?
An authentication bypass vulnerability (CVE-2022-40684) has been identified in the administrative interface of FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1, FortiProxy versions 7.0.0 to 7.0.6 and 7.2.0, and FortiSwitchManager versions 7.0.0 and 7.2.0. FortiGate and FortiWiFi products running these versions of FortiOS are affected.
Exploitation of this vulnerability could allow an unauthenticated, remote malicious actor to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, including installing malware on, or otherwise taking control of, the affected device.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is not aware of any successful exploitation attempts against Australian organisations.
Further information on this vulnerability, including mitigations and recommendations, is available in Fortinet's security advisory.
Mitigation / How do I stay secure?
Australian organisations that use FortiOS versions 7.0.0 to 7.0.6 or 7.2.0 to 7.2.1, FortiProxy versions 7.0.0 to 7.0.6 or 7.2.0, or FortiSwitchManager versions 7.0.0 or 7.2.0 should review their patch status and update to a fixed release (FortiOS 7.0.7 or 7.2.2 and later, FortiProxy 7.0.7 or 7.2.1 and later, FortiSwitchManager 7.2.1 and later) as listed in the Fortinet advisory.
Australian organisations that are unable to update should disable the HTTP/HTTPS administrative interface, or limit the IP addresses that can reach the administrative interface using a local-in-policy as described in the Fortinet advisory. Because the vulnerability is reachable before authentication, strong administrator credentials and multi-factor authentication do not mitigate it; only patching or removing network reachability does.
Assistance / Where can I go for help?
The ASD’s ACSC is monitoring the situation and can provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.