Fortinet allegedly rings a bell about a critical authentication bypass vulnerability in FortiGate and FortiProxy appliances. The flaw has been tracked with an identifier CVE-2022-40684 and has got a score of 9.6 out of 10 on the CVSS scale. An unauthenticated, remote attacker could achieve an authentication bypass on the administrative interface on the vulnerable version of FortiGate and FortiProxy appliances. Since this flaw allows an unauthenticated, remote attacker to exploit this issue remotely and perform operations on the administrative interface, it is highly important to know how to fix CVE-2022-40684, a critical Authentication Bypass Vulnerability in FortiGate and FortiProxy.
Table of Contents
A Short Intro About the FortiGate Firewall and FortiProxy Web Proxy
FortiGate is a multi-purpose firewall that can be used to protect your network against various threats. It offers features such as Intrusion Prevention System (IPS), Application Control, and Anti-Virus/Anti-Spyware. FortiGate also provides web filtering, email filtering, and content filtering to block unwanted traffic and content.
FortiProxy is a web proxy that can be used to filter internet traffic and block unwanted websites. It offers features such as content filtering, URL filtering, and malware protection. FortiProxy also provides web caching to improve internet speed and performance.
If you are looking for a firewall or web proxy that can offer comprehensive protection for your home or business network, then FortiGate and FortiProxy are two great options to consider.
Summary of CVE-2022-40684:
This is an authentication bypass vulnerability in FortiGate and FortiProxy. It allows an unauthenticated, remote attacker to exploit this issue remotely and perform operations on the administrative interface on susceptible devices. This vulnerability is rated Critical and assigned a CVSS score of 9.6 out of 10. Attackers could exploit this vulnerability just by sending a specially crafted HTTP(S) request. According to the Security researcher, Gitworm, more details about the flaw is not reveled yet due to security reasons.
FortiGate and FortiProxy Versions Affected by CVE-2022-40684- A Critical Authentication Bypass Vulnerability in FortiGate and FortiProxy
As per the tweet, the following versions of FortiOS of FortiGate Firewall and FortiProxy Web Proxy are impacted. Users whose appliances are running the vulnerable versions of ProtiOS and FortiProxy should fix the CVE-2022-41352 vulnerability.
- FortiOS: From 7.0.0 to 7.0.6, from 7.2.0 to 7.2.1
- FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0
How to Fix CVE-2022-40684- A Critical Authentication Bypass Vulnerability in FortiGate and FortiProxy
Fortinet acknowledged the vulnerability by releasing the patch last week. All the users of the vulnerable version of FrotiOS and FortiProxy are advised to upgrade their appliances to v7.0.7 &7.2.2 and 7.0.7 & 7.2.1.
|Fortinet||Vulnerable Versions||Patched Versions|
|FortiOS||7.0.0 – 126.96.36.199.0 – 7.2.1||188.8.131.52.2|
|FortiProxy||7.0.0 – 184.108.40.206.0||220.127.116.11.1|
Fortinet has published a temporary workaround for the user who can’t go for an upgrade immediately. The vendor asked the users to make the web console inaccessible from the public network and cover the admin console behind a VPN Firewall to access it from a remote place. In addition to this, users can enforce a firewall policy to “local-in traffic.”
Let’s see how to fix the fix CVE-2022-40684, a critical Authentication Bypass Vulnerability in FortiGate and FortiProxy.
How to Upgrade FortiOS?
If you want to go for the manual upgrade process, download the upgrade image from https://support.fortinet.com, go to the ‘File Upload’ tab and upload the image.
- Log in to the console as an administrator
Log into the FortiGate GUI as the admin administrative user.
- Go to Fabric Management to see the Version info
Go to System > Fabric Management. The Firmware Version column displays the version and either (Feature) or (Mature).
- Open the Upgrade pane
Select the FortiGate, and click upgrade. The FortiGate Upgrade pane opens.
- See the available upgrades
Click All Upgrades. The available firmware versions are displayed.
- Select the target firmware, and see the upgrade options
You can instruct FortiOS to follow the upgrade path (referred to as a federated upgrade) or upgrade directly to the selected firmware version.
In this example, the target firmware is 7.2.0 build 1157(GA), and Follow upgrade path is selected. According to the upgrade path, the device can be automatically upgraded to v7.0.5 but not all the way to 7.2.0.
- Initiate the upgrade process
Select Follow upgrade path, and click Confirm and Backup Config. Then click Continue to initiate the upgrade.
The FortiGate will take the backup of current configurations, transfer to the management computer, uploads the firmware image file, upgrade the firmware, and at last, reboot itself. This completes the upgradation of the FrotiOS.
We hope this post would help you know how to fix CVE-2022-40684, a critical Authentication Bypass Vulnerability in FortiGate and FortiProxy. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.