
Advisory: FortiOS / FortiProxy / FortiSwitchManager Vulnerability Advisory

Description

 

Fortinet has released a security update to address a vulnerability affecting its appliances (CVE-2022-40684).
 
Affected systems
 
CVE-2022-40684 is a critical authentication bypass vulnerability affecting FortiOS / FortiProxy / FortiSwitchManager.
 
Security Risks
 
This vulnerability may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. For the full advisories addressing this vulnerability, refer to Fortinet’s security advisories.
 
https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684
 
https://www.tenable.com/blog/cve-2022-40684-critical-authentication-bypass-in-fortios-and-fortiproxy
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) strongly recommends that system administrators:
  1. Follow the advisory shared by Fortinet and apply suggested mitigations to lower the risk of vulnerability exploitation.
  2. Apply the required and latest security updates as soon as possible.
  3. Before any updating task, please ensure you have a recent backup that can easily be restored.
 
For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.
 
References
Fortinet’s Public Advisory
Fortinet’s Update regarding CVE-2022-40684

 

 

17 October 2022
