Fortinet Vulnerability Allows Full Device Access
Fortinet has published an advisory warning of targeted attacks exploiting vulnerability CVE-2022-40684, reports Dennis Fisher.
“The flaw affects FortiOS, FortiProxy, and FortiSwitch Manager, and an attacker can exploit it simply by sending a malicious request to the exposed web interface. A successful attack gives the threat actor the ability to gain administrator privileges on a compromised device,” Fisher says.
Fortinet has released updates for all of the affected products and recommends installing those updates as soon as possible.
The company says it is “aware of an instance where this vulnerability was exploited and recommends immediately validating your systems against the following indicator of compromise in the device's logs: user="Local_Process_Access".”
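The log check recommended above can be scripted. The following Python is an added example, not code from Fortinet or Decipher; it assumes logs exported as text lines of key=value pairs that include a user field, and the sample lines are constructed for illustration.

```python
import re

# Indicator of compromise quoted from the advisory in the text above.
IOC_USER = "Local_Process_Access"

# Assumption: each log line is a series of key=value pairs, with values
# optionally double-quoted (backslash-escaped quotes allowed inside).
PAIR_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def parse_line(line):
    """Parse one key=value log line into a dict (first occurrence of a key wins)."""
    fields = {}
    for key, quoted, bare in PAIR_RE.findall(line):
        fields.setdefault(key, quoted or bare)
    return fields


def scan(lines):
    """Return (line_number, kind) for every line that references the IoC.

    kind is "user-field" when the parsed user field equals the IoC, and
    "mention" when the string only appears elsewhere in the line (for
    example inside a message), which deserves a look but is weaker evidence.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        if parse_line(line).get("user") == IOC_USER:
            hits.append((number, "user-field"))
        elif IOC_USER in line:
            hits.append((number, "mention"))
    return hits


# Constructed sample lines for illustration; not taken from a real device.
SAMPLE_LOG = [
    'date=2022-10-11 time=09:14:02 user="admin" msg="Administrator logged in"',
    'date=2022-10-11 time=09:20:45 user="Local_Process_Access" msg="Configuration changed"',
    'date=2022-10-11 time=09:31:10 user="auditor" msg="Searched for user=Local_Process_Access"',
    'date=2022-10-11 time=09:40:00 user=Local_Process_Access msg="Setting edited"',
]

if __name__ == "__main__":
    for number, kind in scan(SAMPLE_LOG):
        print(f"line {number}: {kind}: {SAMPLE_LOG[number - 1]}")
```

Parsing the user field separately from the rest of the line keeps a true match apart from lines where the string only shows up inside a message, which a plain substring search would report identically.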
Read more at Decipher.