PoC Exploit for Critical Vulnerability in Fortinet Products Appeared
A PoC exploit has been published for the critical vulnerability CVE-2022-40684 in Fortinet products, which affects FortiGate firewalls, FortiProxy web proxy, and FortiSwitch Manager. This bug is rated 9.6 points out of 10 on the CVSS scale and allows a complete authentication bypass.
Let me remind you that we also wrote that Hackers leaked credentials of 500,000 Fortinet VPN accounts to the public.
Fortinet developers reported a critical vulnerability in their products earlier this week, and released patches for a dangerous problem that was already under attack at that time.
Back then, information security experts from the Horizon3 Attack Team reported that they had already developed a PoC exploit for a fresh problem and intended to make it public soon.
The following products are known to be affected by this issue:
- FortiOS: versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1;
- FortiProxy: versions 7.0.0 to 7.0.6 and 7.2.0;
- FortiSwitchManager: Versions 7.0.0 and 7.2.0.
The vulnerability has already been fixed in FortiOS 7.0.7, 7.2.2 and higher, FortiProxy 7.0.7, 7.2.1 and higher, and FortiSwitchManager 7.2.1 or higher.
The researchers kept their promise, and now the PoC exploit, as well as the technical analysis of the vulnerability, are freely available to everyone. The specialists’ exploit is designed to set the SSH key for the user, which is specified when running a Python script from the command line.
Although the report and the exploit of specialists were published only yesterday, not only developers, but also specialists from the US Infrastructure and Cybersecurity Agency (CISA) are warning about active attacks on the CVE-2022-40684 problem. So, this week, CISA introduced a vulnerability to the list of exploited, urgently demanding that the US federal executive authorities update Fortinet products before November 1 of this year.
Let me remind you that also in the spring of 2021, the US authorities warned of attacks by APT groups through vulnerabilities in Fortinet FortiOS VPN.