Attention network administrators: Attackers are currently exploiting a vulnerability in Fortinet network products. According to security researchers, when the attacks succeed, the attackers set up remote access to corporate networks with administrator rights.
The "critical" vulnerability (CVE-2022-40684) affects FortiOS, FortiProxy, and FortiSwitch. Specifically, firewalls and proxies are threatened. With prepared HTTP/HTTPS requests, attackers can perform actions with administrator rights. Attacks are said to be possible remotely and without authentication. Security patches have been available since the beginning of October 2022.
Remote admin access
Cybersecurity researchers are now reporting that attackers are targeting the vulnerability and using it to set up SSH access with administrator rights. This means that they can access the systems at any time. In addition, after a successful attack, attackers can create new users, view system configurations, and redirect traffic. By their own account, the researchers came across VPN access to compromised systems on a hacker forum.
In a report, they state that more than 100,000 firewalls are accessible on the Internet worldwide, including some in Germany. Given the current attacks, evidently not all of them have been patched yet. It is not yet known to what extent the attacks are currently taking place. Administrators should ensure that the following versions, which are secured against the attacks, are installed:
- FortiOS 7.0.7, 7.2.2, 7.0.5 B8001 for FG6000F and 7000E/F platforms.
- FortiProxy 7.0.7, 7.2.1
- FortiSwitch 7.0.1, 7.2.1
A Fortinet alert provides additional information such as indicators (IOCs) of attacks that have already occurred.
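The following is an added example, not part of the original article or any Fortinet tooling: a small inventory triage that compares device firmware against the fixed versions listed above. The hostnames and versions in the sample inventory are constructed, and the special 7.0.5 B8001 build for FG6000F and 7000E/F platforms is not handled and needs a manual check.

```python
# Fixed releases as listed in the article, keyed by product and release branch.
FIXED = {
    "FortiOS": {(7, 0): (7, 0, 7), (7, 2): (7, 2, 2)},
    "FortiProxy": {(7, 0): (7, 0, 7), (7, 2): (7, 2, 1)},
    "FortiSwitch": {(7, 0): (7, 0, 1), (7, 2): (7, 2, 1)},
}


def parse_version(text):
    """Turn 'v7.2.1' or '7.2.1' into (7, 2, 1); raise ValueError otherwise."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def triage(product, version_text):
    """Return 'patched', 'update-required' or 'not-listed' for one device."""
    branches = FIXED.get(product)
    if branches is None:
        return "not-listed"
    version = parse_version(version_text)
    fixed = branches.get(version[:2])
    if fixed is None:
        # The article names fixed releases only for the 7.0 and 7.2 branches,
        # so other branches are reported rather than guessed at.
        return "not-listed"
    return "patched" if version >= fixed else "update-required"


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.2.1"),
    ("fw-edge-02", "FortiOS", "7.0.7"),
    ("proxy-01", "FortiProxy", "7.0.6"),
    ("fw-lab-01", "FortiOS", "6.4.9"),
]


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(product, version) for host, product, version in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `not-listed` run a branch or product the article gives no fixed version for, so check them against the Fortinet alert.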