(Critical) FortiOS / FortiProxy Vulnerability
Date of Notice: 10/07/2022
Action Level - Critical
Description
Fortinet has released updates for FortiOS and FortiProxy to address a critical vulnerability. If exploited, this vulnerability could allow an unauthenticated attacker to perform operations on the administrative interface. Due to the likelihood of an exploit being released as well as the ability to exploit remotely, Fortinet recommends immediate patching if you are running an affected version.
Affected Versions
- FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
- FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0
Attack Vector
Any attacker with network access can exploit this vulnerability. This could be an external bad actor interacting with public facing devices or an internal bad actor interacting with any device they have network access to.
Attack Feasibility
There is currently no exploit available, though one is expected in the near future.
Remediation
Apply recommended Fortinet updates as soon as possible. Fortinet also recommends ensuring management interfaces are not exposed to the internet.
Vendor Resources