
PoC Exploit for Critical Vulnerability in Fortinet Products Appeared

A PoC exploit has been published for CVE-2022-40684, a critical vulnerability in Fortinet products that affects FortiGate firewalls (FortiOS), the FortiProxy web proxy and FortiSwitchManager. The bug is rated 9.6 out of 10 on the CVSS scale and allows a complete authentication bypass on the administrative interface.

As a reminder, we also reported earlier that hackers leaked the credentials of 500,000 Fortinet VPN accounts to the public.

Fortinet disclosed the critical vulnerability earlier this week and released patches for a problem that was already being exploited at that time.

"Authentication bypass using alternative path or channel [CWE-288] in FortiOS and FortiProxy allows an unauthenticated attacker to perform operations in the administrative interface using specially crafted HTTP or HTTPS requests. This is a critical vulnerability and should be fixed as soon as possible," the company warned.

At the time, researchers from the Horizon3 Attack Team reported that they had already developed a PoC exploit for the new vulnerability and intended to publish it soon.

The following products are known to be affected by this issue:

  1. FortiOS: versions 7.0.0 through 7.0.6 and 7.2.0 through 7.2.1;
  2. FortiProxy: versions 7.0.0 through 7.0.6 and 7.2.0;
  3. FortiSwitchManager: versions 7.0.0 and 7.2.0.

The vulnerability is fixed in FortiOS 7.0.7 and 7.2.2 and higher, FortiProxy 7.0.7 and 7.2.1 and higher, and FortiSwitchManager 7.2.1 and higher.
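To turn the version lists above into an inventory check, here is an added example (it is not Fortinet's or Horizon3's code) that encodes the affected and fixed ranges exactly as this article lists them and classifies each device as affected, fixed, or not covered by the listed ranges. The hostnames and version strings in the sample inventory are constructed for the demo.

```python
"""Scope check for CVE-2022-40684 against a device inventory.

Added example, not Fortinet's or Horizon3's code. The affected/fixed
ranges are exactly those listed in the article; the inventory is
constructed sample data.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Per product: (first affected, last affected, first fixed) for each release
# branch. None means the article lists no fixed build in that branch.
AFFECTED_RANGES: Dict[str, List[Tuple[Version, Version, Optional[Version]]]] = {
    "FortiOS": [
        ((7, 0, 0), (7, 0, 6), (7, 0, 7)),
        ((7, 2, 0), (7, 2, 1), (7, 2, 2)),
    ],
    "FortiProxy": [
        ((7, 0, 0), (7, 0, 6), (7, 0, 7)),
        ((7, 2, 0), (7, 2, 0), (7, 2, 1)),
    ],
    "FortiSwitchManager": [
        ((7, 0, 0), (7, 0, 0), None),
        ((7, 2, 0), (7, 2, 0), (7, 2, 1)),
    ],
}


def parse_version(text: str) -> Version:
    """Parse 'v7.0.6', '7.0.6' or 'v7.0.6 build0366' into (major, minor, patch)."""
    token = text.strip().split()[0].lstrip("vV")
    parts = token.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(product: str, version: str) -> str:
    """Classify one device as 'affected', 'fixed' or 'not-listed'.

    'not-listed' covers versions the article neither names as affected nor
    as a fixed release (e.g. 6.4.x, or FortiSwitchManager 7.0.x above 7.0.0);
    those still need checking against the vendor advisory.
    """
    if product not in AFFECTED_RANGES:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    for first_bad, last_bad, first_fixed in AFFECTED_RANGES[product]:
        if first_bad <= v <= last_bad:
            return "affected"
        same_branch = v[:2] == first_bad[:2]
        if same_branch and first_fixed is not None and v >= first_fixed:
            return "fixed"
    return "not-listed"


# Constructed sample inventory: (hostname, product, version as the device reports it).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.2.1 build1254"),
    ("fw-edge-02", "FortiOS", "v7.2.2"),
    ("fw-dc-01", "FortiOS", "v6.4.9"),
    ("proxy-01", "FortiProxy", "7.0.6"),
    ("fsm-01", "FortiSwitchManager", "7.2.0"),
]


def triage(inventory) -> Dict[str, List[str]]:
    """Group hostnames by status so the 'affected' list can go straight to patching."""
    report: Dict[str, List[str]] = {"affected": [], "fixed": [], "not-listed": []}
    for host, product, version in inventory:
        report[assess(product, version)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Versions are compared as integer tuples rather than strings so that 7.0.10 sorts after 7.0.6, and anything outside the listed ranges is reported as "not-listed" rather than silently assumed safe.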

The researchers kept their promise: the PoC exploit and a technical analysis of the vulnerability are now publicly available. The exploit is a Python script run from the command line; it sets an attacker-supplied SSH public key on the administrative user named as an argument, which then allows logging in to the device over SSH as that user.

"An attacker could use this vulnerability to do almost anything they want to an affected system, including changing the network configuration, adding new users, and capturing packets. This exploit appears to be following a common trend among recent enterprise software vulnerabilities where HTTP headers are not properly checked or are overly trusted," the experts wrote.
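The bug class Horizon3 points at is easy to reproduce in miniature. The following added example is not Fortinet's code and does not reproduce the FortiOS logic; it shows a generic admin-API front door that decides "is this request from a local process?" from a client-controlled forwarding header (vulnerable) next to the corrected version, which honours that header only when the TCP peer is a configured proxy. The header name, the proxy address and the sample requests are assumptions constructed for the demo.

```python
"""Header-trust bug class: deciding privilege from a client-controlled header.

Added example; not Fortinet's code and not a reproduction of the FortiOS
bug. TRUSTED_PROXY, the header name and the sample requests are assumed
values constructed for the demo.
"""
from ipaddress import IPv4Address, IPv6Address, ip_address
from typing import Callable, Dict, Tuple, Union

IPAddr = Union[IPv4Address, IPv6Address]

# Assumed address of the one reverse proxy allowed to set forwarding headers.
TRUSTED_PROXY: IPAddr = ip_address("10.0.0.5")


def client_ip_vulnerable(headers: Dict[str, str], peer_ip: str) -> IPAddr:
    """VULNERABLE: believes whatever the client wrote into X-Forwarded-For.

    Any remote client can send 'X-Forwarded-For: 127.0.0.1' and be treated
    as a local process."""
    forwarded = headers.get("X-Forwarded-For")
    if forwarded:
        return ip_address(forwarded.split(",")[0].strip())
    return ip_address(peer_ip)


def client_ip_hardened(headers: Dict[str, str], peer_ip: str) -> IPAddr:
    """HARDENED: the forwarding header counts only if the TCP peer is the
    trusted proxy, and then only its last hop (the one the proxy appended)."""
    peer = ip_address(peer_ip)
    forwarded = headers.get("X-Forwarded-For")
    if forwarded and peer == TRUSTED_PROXY:
        return ip_address(forwarded.split(",")[-1].strip())
    return peer


def admin_api(headers: Dict[str, str], peer_ip: str, authenticated: bool,
              client_ip: Callable[[Dict[str, str], str], IPAddr]) -> int:
    """Admin API front door. Returns an HTTP status: unauthenticated calls are
    accepted only when the request is judged to come from the local host."""
    if authenticated or client_ip(headers, peer_ip).is_loopback:
        return 200
    return 401


# Constructed sample requests: (headers, TCP peer address), all unauthenticated.
DIRECT_LOCAL = ({}, "127.0.0.1")
SPOOF_DIRECT = ({"X-Forwarded-For": "127.0.0.1"}, "203.0.113.7")
SPOOF_VIA_PROXY = ({"X-Forwarded-For": "127.0.0.1, 203.0.113.7"}, "10.0.0.5")


def demo() -> Dict[str, Tuple[int, int]]:
    """Status codes (vulnerable, hardened) for each unauthenticated sample request."""
    samples = {"direct_local": DIRECT_LOCAL, "spoof_direct": SPOOF_DIRECT,
               "spoof_via_proxy": SPOOF_VIA_PROXY}
    return {
        name: (admin_api(h, ip, False, client_ip_vulnerable),
               admin_api(h, ip, False, client_ip_hardened))
        for name, (h, ip) in samples.items()
    }


if __name__ == "__main__":
    for name, (vuln, hard) in demo().items():
        print(f"{name:16} vulnerable={vuln} hardened={hard}")
```

The hardened variant still fails the genuine local request open and both spoofed requests closed, because the only thing it trusts is the socket peer address, and it reads the hop appended by the proxy rather than the one the client wrote first. The stronger design is to have no network-reachable "local process" bypass at all: internal callers should use a separate channel such as a Unix socket or an authenticated loopback listener, and the administrative interface should not be exposed on untrusted interfaces in the first place.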

Although the researchers' report and exploit were published only yesterday, both Fortinet and the US Cybersecurity and Infrastructure Security Agency (CISA) are already warning of active attacks exploiting CVE-2022-40684. This week CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, requiring US federal civilian executive branch agencies to patch affected Fortinet products by November 1 of this year.

As a reminder, in the spring of 2021 US authorities also warned of APT groups attacking through vulnerabilities in Fortinet FortiOS VPN.

About The Author
Vladimir Krasnogolovy