Fortinet Vulnerability Alert: CVE-2022-40684

Wednesday 19th October 2022

Fortinet has disclosed an authentication bypass vulnerability in its FortiOS, FortiProxy, and FortiSwitchManager appliances. The security flaw tracked as CVE-2022-40684 is actively exploited in the wild, posing a serious risk to customers leveraging vulnerable product instances.

The following details the background and timeline of Fortinet's communications and processes to date with regard to CVE-2022-40684:

October 6: Issued email notification to the primary account owners of all potentially affected devices.

October 6: Issued a Customer Support Bulletin to all customers via https://support.fortinet.com.

October 6 onwards: Fortinet worked to notify CISA and other agencies to ensure this message was communicated as broadly as possible in conjunction with its advisory.

October 10: Shortly after this customer-communication window, Fortinet issued a public Advisory (FG-IR-22-377) early morning PT.

October 10 – Present (18 October): We continue to proactively reach out to customers, strongly urging them to immediately follow the guidance provided in connection with CVE-2022-40684, as we continue monitoring the situation.

After multiple notifications from Fortinet over the past week, a significant number of devices still require mitigation, and following the publication of proof-of-concept (PoC) code by an outside party, this vulnerability is under active exploitation. Based on this development, Fortinet again recommends that customers and partners take urgent and immediate action as described in the public Advisory (click here: https://www.bytes.co.uk/download_file/9096/0).

Bytes have requested a situation update from Fortinet and will update this page once received.

For questions relating to this critical vulnerability alert, please reach out to your Bytes Account Manager or email [email protected].
