Critical Fortinet Auth Bypass Bug: PoC Exploit Released During Active Attacks


Proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches.

According to researcher James Horseman, “FortiOS exposes a management web portal that allows a user to configure the system.” “A user can also SSH into the system, which exposes a locked down CLI interface,” the statement continued.

As of October 13, 2022, the threat intelligence company GreyNoise had identified 12 distinct IP addresses that were weaponizing CVE-2022-40684, with the majority of these being based in Germany, followed by the United States, Brazil, China, and France.
