National Cyber Security Authority | Advisory: FortiOS / FortiProxy / FortiSwitchManager Vulnerability Advisory

Report Incident

× Home Cybertech Africa 2023 2 DPO Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Advisory: FortiOS / FortiProxy / FortiSwitchManager Vulnerability Advisory

Description

Fortinet has released a security update to address a vulnerability affecting their appliances (CVE-2022-40684)

Affected systems

CVE 2022-40684 is a critical authentication bypass vulnerability affecting FortiOS / FortiProxy / FortiSwitchManager.

Security Risks

This attack may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. For full advisories addressing these vulnerabilities, refer to Fortinet’s Security advisories.

https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684

https://www.tenable.com/blog/cve-2022-40684-critical-authentication-bypass-in-fortios-and-fortiproxy

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators should:

Follow the advisory shared by Fortinet and apply suggested mitigations to lower the risk of vulnerability exploitation.
Apply the required and latest security updates as soon as possible.
Before any updating task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

Fortinet’s Public Advisory

Fortinet’s Update regarding CVE-2022-40684

17 October 2022

More updates

20 December 2022

Advisory: VMware Security Advisory

VMware released security updates for its products to address the heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI).

30 October 2022

Advisory: Apple iOS and macOS Flaw’s security advisory

Apple has released security updates to address vulnerabilities in iOS and macOS, including a new zero-day flaw that is being actively exploited by…

30 October 2022

Advisory: Google Zero-day vulnerability Patch Advisory

Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in…

19 October 2022

Advisory: Zimbra CVE

Zimbra has released security updates to address vulnerabilities affecting Ubuntu and Redhat installation versions.

Address

8 KG 7 St, Kacyiru, Kigali-Rwanda

Telecom House, 5th Floor

Contact Us

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224

Privacy Policy

Rw-CSIRT website

Newsletter

Subscribe to our newsletter to be the first to know about our latest updates.

© 2024 National Cyber Security Authority