Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
October 20, 2022 - TuxCare expert team
A Fortinet vulnerability in FortiGate firewalls and FortiProxy web proxies could allow a threat actor to perform unauthorized actions on vulnerable devices.
The bug, a critical bug traced as CVE-2022-40684, has a severity of 9.6 and affects some versions, including: FortiOS from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1; FortiProxy from 7.0.0 to 7.0.6 and 7.2.0. It has however been addressed in FortiOS versions 7.0.7 and 7.2.2, and FortiProxy versions 7.0.7 and 7.2.1 released this week.
Fortinet explained that the bug relates to an authentication bypass vulnerability that could allow an unauthenticated threat actor to perform arbitrary operations on the administrative interface via a specially crafted HTTP(S) request.
Fortinet said it was delaying the public announcement until its customers had implemented the corrections it had issued.
“Due to the ability to exploit the issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade,” the company cautioned in a warning shared by a security expert who goes by the alias Gitworm on Twitter.
A temporary workaround is to disable internet-based HTTPS Administration until upgrades can be set up, or alternatively to enforce a firewall policy for “local-in traffic.”
“Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization. Customer communications often detail the most up-to-date guidance and recommended next steps to best protect and secure their organization. There are instances where confidential advance customer communications can include early warning on advisories to enable customers to further strengthen their security posture, which then will be publicly released in the coming days to a broader audience. The security of our customers is our first priority,” said Fortinet.
The sources for this piece include an article in TheHackerNews.
Learn About Live Patching with TuxCare
According to CyberArk researchers, GPT-based models like ChatGPT can be...
Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...
Deep Instinct researchers reported that RATs like StrRAT and Ratty...
According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...
A remote attacker could exploit multiple vulnerabilities in four Cisco...
In a notable IcedID malware attack, the assailant impacted the...