1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Nasty vulnerability in Fortinet firewalls, proxies abused in real

    From TechnologyDaily@1337:1/100 to All on Tue Oct 11 12:45:04 2022
    Nasty vulnerability in Fortinet firewalls, proxies abused in real-world attacks

    Date:
    Tue, 11 Oct 2022 11:29:15 +0000

    Description:
    Fortinet urged customers to patch immediately as the flaws are being already being abused in the wild.

    FULL STORY ======================================================================

    Fortinet has patched a high-severity vulnerability in multiple services that allowed threat actors remote access and was being abused in the wild.

    In a security advisory published late last week, the company described the flaw as an authentication bypass on the admin interface, allowing unauthenticated individuals to log into FortiGate firewalls, FortiProxy web proxies , and FortiSwitch Manager on-prem management instances.

    The flaw is being tracked as CVE-2022-40684. Urgent matters

    "An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative
    interface via specially crafted HTTP or HTTPS requests," Fortinets announcement reads.

    The company also said the patch was released this Thursday and added that it notified some of its customers via email, urging them to disable remote management user interfaces with the utmost urgency.

    A couple of days after releasing the patch, the company came out with more details, claiming it found evidence of at least one real-life campaign leveraging the flaw:

    "Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following
    indicator of compromise in the device's logs: user="Local_Process_Access,"
    the company said.

    These are the Fortinet products that should be patched immediately: Read more

    FBI says hackers hit US local government through Fortinet VPN


    Iranian hackers blamed for Fortinet and Microsoft Exchange hacks


    These are the best VPNs right now FortiOS : 7.2.1, 7.2.0, 7.0.6, 7.0.5,
    7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 FortiProxy : 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 FortiSwitchManager : 7.2.0, 7.0.0

    According to BleepingComputer , at least 140,000 FortiGate firewalls can be accessed via the internet and are likely exposed to attacks, if their admin management interfaces are also exposed, it said. Those that are unable to patch their endpoints right away should block attackers by disabling HTTP/HTTPS admin interfaces or limit the IP addresses that have access via Local in Policy, it was explained.

    "If these devices cannot be updated in a timely manner, internet-facing HTTPS Administration should be immediately disabled until the upgrade can be performed," Fortinet concluded. These are the best business VPNs out there

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/nasty-vulnerability-in-fortinet-firewalls-proxi es-abused-in-real-world-attacks/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)