New auth bypass bug targets FortiGate firewalls and FortiProxy web proxies

October 14, 2022

A Fortinet vulnerability in FortiGate firewalls and FortiProxy web proxies could allow a threat actor to perform unauthorized actions on vulnerable devices.

Fortinet has issued security updates to fix the vulnerability and has urged customers in private alert to disable remote management interfaces on affected devices “with utmost urgency.”

The bug, a critical bug traced as CVE-2022-40684, has a severity of 9.6 and affects some versions, including: FortiOS from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1; FortiProxy from 7.0.0 to 7.0.6 and 7.2.0. It has however been addressed in FortiOS versions 7.0.7 and 7.2.2, and FortiProxy versions 7.0.7 and 7.2.1 released this week.

Fortinet explained that the vulnerability is related to an authentication bypass vulnerability that could allow an unauthenticated threat actor to perform arbitrary operations on the administrative interface via a specially crafted HTTP(S) request.

Security experts from Horizon3.ai provided a proof-of-concept (PoC) exploit and a technical analysis of the root cause of the vulnerability. This exploit can exploit the authentication bypass flaw to set an SSH key for the user, which is specified from the command line when the Python script is started.

Horizon3.ai researchers explained that attackers can also compromise systems by changing the administrators’ SSH keys to allow the attacker to log into the compromised system; add new local users; update network configurations to redirect traffic; download the system configuration and initiate packet captures to collect other sensitive system information.

The sources for this piece include an article in BleepingComputer.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn