Cybersecurity solutions a provider Fortinet announced patches for multiple vulnerabilities in its products this week, including a high-severity authentication bypass affecting FortiOS and FortiProxy.
The authentication bypass was discovered in FortiOS’s SSH login component and was tracked as CVE-2022-35843 (CVSS score of 7.7). Only when Radius authentication is used can the bug be triggered. According to Fortinet’s advisory, “an authentication bypass by assumed-immutable data vulnerability in the FortiOS SSH login component may allow a remote and unauthenticated attacker to login into the device by sending specially crafted Access-Challenge response from the Radius server.”
Also Read: Analyzing CISA’s Cross-Industries Cybersecurity Performance Objectives
FortiOS, the network operating system that powers Fortinet’s physical firewalls, is frequently targeted by threat actors attempting to compromise commercial, government, and technology services networks.
Read More: Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
