Fortinet Vulnerability Allows Full Device Access


Fortinet has released updates for affected products and recommends installing now.

Fortinet has published an advisory warning of targeted attacks exploiting vulnerability CVE-2022-40684, reports Dennis Fisher.

“The flaw affects FortiOS, FortiProxy, and FortiSwitch Manager, and an attacker can exploit it simply by sending a malicious request to the exposed web interface. A successful attack gives the threat actor the ability to gain administrator privileges on a compromised device,” Fisher says.

Fortinet has released updates for all of the affected products and recommends installing those updates as soon as possible.

The company says it is “aware of an instance where this vulnerability was exploited and recommends immediately validating your systems against the following indicator of compromise in the device's logs: user="Local_Process_Access".

Read more at Decipher.

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=