10.07.2022

(Critical) FortiOS / FortiProxy Vulnerability

Alert

Date of Notice: 10/07/2022

Action Level - Critical

Description

Fortinet has released updates for FortiOS and FortiProxy to address a critical vulnerability. If exploited, this vulnerability could allow an unauthenticated attacker to perform operations on the administrative interface. Due to the likelihood of an exploit being released as well as the ability to exploit remotely, Fortinet recommends immediate patching if you are running an affected version.

Affected Versions

  • FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
  • FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0

Attack Vector

Any attacker with network access can exploit this vulnerability. This could be an external bad actor interacting with public-facing devices or an internal bad actor interacting with any device they have network access to.

Attack Feasibility

There is currently no exploit available, though one is expected in the near future.

Remediation

Apply recommended Fortinet updates as soon as possible. Fortinet also recommends ensuring management interfaces are not exposed to the internet.

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
© 2024 MCNC