[SECURITY-L] CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

CSIRT Unicamp security at unicamp.br
Friday October 7 14:23:00 -03 2022


https://www.tenable.com/blog/cve-2022-40684-critical-authentication-bypass-in-fortios-and-fortiproxy

CVE-2022-40684 is a critical authentication bypass vulnerability that
received a CVSSv3 score of 9.6. By sending specially crafted HTTP or HTTPS
requests to a vulnerable target, a remote attacker with access to the
management interface could perform administrator operations.

At this time, there is no information on whether this vulnerability has
been exploited in attacks. But, given threat actors’ penchant for targeting
FortiOS vulnerabilities, Fortinet’s recommendation to remediate this
vulnerability “with the utmost urgency” is appropriate.
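Because the bypass is only reachable by someone who can talk HTTP/HTTPS to the administrative interface, triage comes down to two questions per device: is it on an affected build, and is the admin web UI reachable from an untrusted side? The script below is an added example for this list post, not code from Tenable, Fortinet, or the original message. It parses constructed `get system status` and `show system interface` output, checks the version against the affected ranges, and flags WAN-role interfaces that allow `http`/`https` admin access. Assumptions: the AFFECTED table is transcribed from the vendor PSIRT advisory for this CVE and must be verified against the current advisory before use; the sample outputs are constructed to match the usual FortiOS CLI formats; and "role wan" is taken as the proxy for an untrusted-facing interface.

```python
import re

# Affected version ranges (inclusive) for CVE-2022-40684.
# ASSUMPTION: transcribed from the vendor PSIRT advisory; confirm against the
# current advisory before acting on this script's output.
AFFECTED = {
    "FortiOS":    [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "FortiProxy": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
}

# Model prefix printed on the "Version:" line of `get system status`.
PRODUCT_BY_PREFIX = {"FortiGate": "FortiOS", "FortiWiFi": "FortiOS",
                     "FortiProxy": "FortiProxy"}

VERSION_RE = re.compile(
    r"^Version:\s*(?P<model>[A-Za-z]+)[-\w]*\s+"
    r"v(?P<maj>\d+)\.(?P<min>\d+)\.(?P<pat>\d+)", re.M)
EDIT_RE = re.compile(r'^\s*edit\s+"(?P<name>[^"]+)"\s*$', re.M)

# Constructed sample output (not from a real device).
SAMPLE_STATUS = """\
Version: FortiGate-100F v7.0.5,build0304,220623 (GA)
Hostname: fw-campus-1
"""

SAMPLE_INTERFACES = """\
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "internal"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set role lan
    next
end
"""


def parse_version(status_output):
    """Return (product, (major, minor, patch)) from `get system status` text."""
    m = VERSION_RE.search(status_output)
    if not m:
        raise ValueError("no 'Version:' line found in status output")
    product = PRODUCT_BY_PREFIX.get(m["model"])
    if product is None:
        raise ValueError(f"unrecognised model prefix {m['model']!r}")
    return product, (int(m["maj"]), int(m["min"]), int(m["pat"]))


def is_affected(product, version):
    """True if the version tuple falls inside an affected range for the product."""
    return any(lo <= version <= hi for lo, hi in AFFECTED.get(product, []))


def exposed_admin_interfaces(interface_config):
    """Names of WAN-role interfaces whose allowaccess includes http or https."""
    exposed = []
    # Each `edit ... next` stanza describes one interface.
    for block in re.split(r"^\s*next\s*$", interface_config, flags=re.M):
        m = EDIT_RE.search(block)
        if not m:
            continue
        role = re.search(r"^\s*set role (\w+)", block, re.M)
        access = re.search(r"^\s*set allowaccess (.+)$", block, re.M)
        services = set(access.group(1).split()) if access else set()
        if role and role.group(1) == "wan" and services & {"http", "https"}:
            exposed.append(m["name"])
    return exposed


def triage(status_output, interface_config):
    """Combine version and exposure into a remediation priority."""
    product, version = parse_version(status_output)
    affected = is_affected(product, version)
    exposed = exposed_admin_interfaces(interface_config)
    if affected and exposed:
        priority = "critical"  # vulnerable build, admin web UI on a WAN interface
    elif affected:
        priority = "high"      # vulnerable build; still reachable from inside
    else:
        priority = "none"
    return {"product": product, "version": version, "affected": affected,
            "exposed_interfaces": exposed, "priority": priority}


if __name__ == "__main__":
    print(triage(SAMPLE_STATUS, SAMPLE_INTERFACES))
```

Feed it the two command outputs collected from each device (over SSH or from a config backup) and sort by priority; "critical" devices should get the upgrade or an interim restriction of admin access to trusted hosts first, and "high" devices should not be treated as safe just because the WAN side is closed.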



===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830
-------------- Next Part ----------
An HTML attachment was scrubbed...
URL: <http://www.listas.unicamp.br/pipermail/security-l/attachments/20221007/06fcc606/attachment.html>

