Several security companies report that attackers are trying to exploit a critical vulnerability in the FortiGate firewalls, FortiProxy web proxies and FortiSwitch Manager from manufacturer Fortinet on a large scale. The vulnerability in FortiOS, designated CVE-2022-40684, could allow an unauthenticated attacker to access the administrative interface and perform various actions. The impact of the vulnerability was assessed on a scale of 1 to 10 with a 9.6.
FortiOS is Fortinet's operating system that runs on all kinds of network devices, such as firewalls and switches. The vulnerability could allow an attacker to compromise these devices, which could have major consequences for organizations. In early October, Fortinet released a security update for the issue. A proof-of-concept exploit has now appeared online. After its release, several security companies are reporting an increase in attack attempts against Fortinet devices.
The attacks attempt to modify the administrator's SSH key. An attacker can then log into the system as an administrator. Previously, Fortinet advised customers to verify that their network devices have not already been compromised. In addition to installing the patch, Fortinet states that disabling the HTTP/HTTPS admin interface can be applied as a workaround.