Remote code execution vulnerability present in Fortinet devices

Australian Cyber Security Centre

Background / What has happened?

An authentication bypass vulnerability (CVE-2022-40684) has been identified in the administrative interface of FortiOS devices in versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1, FortiProxy devices in versions 7.0.0 to 7.0.6 and 7.2.0, as well as FortiSwitchManager in versions 7.0.0 and 7.2.0. This vulnerability may affect FortiGate and FortiWifi products running these versions of FortiOS.

Exploitation of this vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.

The ACSC is not aware of any successful exploitation attempts against Australian organisations.
