

During routine monitoring, researchers at Cyble observed a hacker distributing multiple unauthorized Fortinet VPN accesses over one of the Russian cybercrime forums.

Cyble researchers said that multiple versions of Fortinet products have been affected by an authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy, and FortiSwitchManager.

The Cyble researchers disclosed that while targeting affected versions of Fortinet products, “an attacker takes advantage of a controlling mechanism in a function responsible for evaluating the affected devices’ access to the REST API functionality. The loophole allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. Tracked as CVE-2022-40684, the security vulnerability allows for an authentication bypass that uses an alternate path or channel in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0. Hence, with high confidence, we conclude that the Threat Actor behind this sale exploited CVE-2022-40684.”

“While analyzing the access, it was found that the attacker was attempting to add their own public key to the admin user’s account,” the researchers wrote in a blog post on Thursday. “As per intelligence gathered from sources, the victim organizations were using outdated FortiOS.”
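The technique the researchers describe, an intruder planting their own SSH public key on the admin account, leaves a durable trace in the device configuration: a key that no administrator ever authorised. One defensive check is to keep a known-good baseline of every admin account's keys and diff the live inventory against it, comparing key type and key material only, since the free-text comment field can be set to mimic a legitimate key. The following is an added example, not code from Cyble, Fortinet or the article; the `account: key` inventory format and the sample keys are constructed for the illustration and are not FortiOS's configuration or log format.

```python
"""Detect SSH public keys added to administrator accounts by comparing a
current key inventory against a known-good baseline.

Added illustration; not code from Cyble, Fortinet or the article. The
'account: key' inventory format and the key material below are constructed
for this example and do not represent FortiOS's own configuration format.
"""

from typing import Dict, List, Set, Tuple

# Constructed known-good baseline: the keys each admin account is expected to have.
BASELINE = """\
admin: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOneBaselineMaterial0001 ops-laptop
admin: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCExampleRsaKeyBaselineMaterial0002 backup-host
audit_ro: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyTwoBaselineMaterial0003 auditor
"""

# Constructed current inventory, as it might look after the intrusion described in
# the article: a key that was never in the baseline now sits on "admin", with its
# comment field copied from a legitimate key, and an extra account has appeared.
CURRENT = """\
admin: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOneBaselineMaterial0001 ops-laptop
admin: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCExampleRsaKeyBaselineMaterial0002 backup-host
admin: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAttackerSuppliedKeyMaterialXXXX0009 ops-laptop
audit_ro: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyTwoBaselineMaterial0003 auditor
svc_backup: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCAnotherUnknownKeyMaterialYYYY0010 svc
"""


def normalize_key(pubkey: str) -> str:
    """Return 'type blob' only. The trailing comment is free text that an intruder
    can set to anything, so it must not take part in the comparison."""
    parts = pubkey.split()
    if len(parts) < 2:
        raise ValueError(f"malformed public key: {pubkey!r}")
    return f"{parts[0]} {parts[1]}"


def parse_inventory(text: str) -> Dict[str, Set[str]]:
    """Parse 'account: key' lines into {account: {normalized keys}}."""
    inventory: Dict[str, Set[str]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        account, sep, key = line.partition(":")
        if not sep:
            raise ValueError(f"line {lineno}: expected 'account: key'")
        inventory.setdefault(account.strip(), set()).add(normalize_key(key))
    return inventory


def find_unexpected_keys(baseline: str, current: str) -> List[Tuple[str, str, str]]:
    """Return (finding, account, key) triples for everything in the current
    inventory that the baseline does not authorise: keys added to a known
    account, and every key on an account the baseline has never seen."""
    expected = parse_inventory(baseline)
    observed = parse_inventory(current)
    findings: List[Tuple[str, str, str]] = []
    for account in sorted(observed):
        if account not in expected:
            for key in sorted(observed[account]):
                findings.append(("unknown-account", account, key))
            continue
        for key in sorted(observed[account] - expected[account]):
            findings.append(("added-key", account, key))
    return findings


if __name__ == "__main__":
    for finding, account, key in find_unexpected_keys(BASELINE, CURRENT):
        print(f"{finding:16} {account:12} {key}")
```

Run against the constructed inventories, the check reports the planted key on `admin` as `added-key` even though its comment matches a legitimate one, and every key on the unexpected `svc_backup` account as `unknown-account`. In practice the baseline should be exported from a device state you trust and stored off-box, so that an intruder with administrative access cannot simply update it along with the keys.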
