The recent Fortigate vulnerability (CVE-2022-40684) has exposed sensitive configurations and VPN credentials for over 15,000 devices, presenting a significant global threat to organizations. This authentication bypass vulnerability allows attackers to gain unauthorized access, alter configurations, and compromise network security.
CVE-2022-40684 impacts:
- FortiOS (7.2.0 to 7.2.1, 7.0.0 to 7.0.6)
- FortiProxy (7.2.0, 7.0.0 to 7.0.6)
- FortiSwitchManager (7.2.0, 7.0.0)
Public Exploitation:
January 2025, with configurations of over 15,000 devices exposed by threat actors.
Mitigation Steps
Update to Patched Versions:
- FortiOS 7.2.2 or above, 7.0.7 or above.
- FortiProxy 7.2.1 or above, 7.0.7 or above.
- FortiSwitchManager 7.2.1 or above, 7.0.1 or above.
- Reset Administrative Credentials to enforce stronger passwords.
- Audit Firewall Configurations for unauthorized changes.
- Enable Logging and Monitoring to detect anomalies.
- Implement MFA to secure administrative access.