Fortinet Vulnerability Allows Full Device Access
Fortinet has published an advisory warning of targeted attacks exploiting vulnerability CVE-2022-40684, reports Dennis Fisher.
“The flaw affects FortiOS, FortiProxy, and FortiSwitch Manager, and an attacker can exploit it simply by sending a malicious request to the exposed web interface. A successful attack gives the threat actor the ability to gain administrator privileges on a compromised device,” Fisher says.
Fortinet has released updates for all of the affected products and recommends installing those updates as soon as possible.
The company says it is “aware of an instance where this vulnerability was exploited and recommends immediately validating your systems against the following indicator of compromise in the device's logs: user="Local_Process_Access".
Read more at Decipher.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.