Sequretek Advisory - Remote Authentication Bypass Vulnerability in Fortinet Firewalls
10/10/2022
Fortinet released patches for a critical authentication bypass vulnerability tracked as CVE-2022-40684 which allows threat actors to log into unpatched FortiGate devices.
• Fortinet on October 7, released a software update that indicates latest versions of their FortiOS (firewall) and FortiProxy (web proxy) software are vulnerable to CVE2022-40684.
• CVE-2022-40684 is a critical vulnerability that allows remote, unauthenticated attackers to bypass authentication and gain access to the administrative interface of these products.