Fortinet warns of critical flaw in its security appliance OSes, admin panels

Security appliance vendor Fortinet has become the subject of a bug report by its own FortiGuard Labs after the discovery of a critical-rated flaw in three of its products. CVE-2022-40684 is rated 9.6/10 on the Common Vulnerability Scoring System (CVSS), meaning it is considered a critical flaw worthy of immediate attention. …

  1. Anonymous Coward

    Nice score !

    "CVE-2022-40684 is rated 9.6/10 on the Common Vulnerability Scoring System (CVSS), meaning it is considered a critical flaw worthy of immediate attention."

    Wow, that is a serious score, in terms of belonging to the Hall of Shame !

    Nice work, Fortinet !

    1. Hans Neeson-Bumpsadese Silver badge

      Re: Nice score !

      "FortiProxy is the company's secure web proxy"

      Considering the score, there's at least one word in that description that probably doesn't belong there.

      1. phuzz Silver badge

        Re: Nice score !

        The second word!

        It should read "was" ;)

        1. yetanotheraoc

          Re: Nice score !

          Maybe it should read "wasn't".

    2. mark239

      Re: Nice score !

      Palo Alto have had one or more with a score of 10.0.

  2. Altrux

    Security by insecurity

    We had a related organisation do a cybersecurity audit on us recently, and they want us to install a magic 'security gateway' to magically improve everything for our office network (which already has all the 'usual' firewall stuff). FortiGate would be one of the potential options for this. Ho hum, I'll sit smugly and delay implementing the recommendation a little longer, then...

    1. DrXym

      Re: Security by insecurity

      All I know about Fortinet is our place enabled deep packet inspection on just about everything and as a consequence broke just about every development tool.

      Something perverse about security that does a man-in-the-middle attack and does as much harm to productivity as a malicious attacker would.

      1. mark239

        Re: Security by insecurity

        Then it sounds as if they didn't know what they were doing.

    2. mark239

      Re: Security by insecurity

      Were you planning on exposing the admin GUI to the Internet?

  3. DougMac

    Who??

    Who leaves their FW admin interface open to exploit?

    FortiGate from the start has options to lock down the "admin IP addresses" that can access any admin protocol (i.e. SNMP, GUI, SSH), just like any FW vendor.

    At a minimum, lock it to your inside addresses, although it would be better to restrict it to just the internal IPs your network admins use.

    That's been SOP from the start for us using FortiGate. Still, something else can be used to springboard off to the device, but if your restricted IP range of who can even touch the box is a tiny footprint, the chance of exploit is greatly reduced.

    Also, to the Reg, FortiSwitchManager is a smashup of two different products.

    There is a PSIRT for FortiSwitch when they are in a security fabric with FortiGate.

    And there is a separate PSIRT for FortiManager for certain versions. They generally aren't mentioned together in the same breath.

    1. Paul Crawford Silver badge

      Re: Who??

      Who leaves their FW admin interface open to exploit?

      Those who believe a security appliance might be, er, secure?

      1. mark239

        Re: Who??

        Only an absolute balloon would leave any device admin GUI open to the Internet.

        1. Paul Crawford Silver badge

          Re: Who??

          Very true, but was this admin interface deliberately opened (which would be monumentally stupid) or a case of insecure by default?

      2. Nick Ryan Silver badge

        Re: Who??

        I had an argument with some senior network person at our MSP who was trying to tell me that the admin interface could be safely left open to all of the Internet because their passwords were secure and they manage access carefully.

        I got my way and the access to the admin interface was restricted to only be permitted on expected originating addresses. As a result we are almost entirely safe from this exploit. Paranoia in security is a good thing, but this is just expected good practice.

  4. MS70a

    We were hacked

    We were hacked by CVE-2022-40684. The attackers gained access yesterday. Based on my rudimentary knowledge of Fortinet log analysis, they first downloaded our system config file four times using the "Local_Process_Access". Then they created a fake admin "fortigate-tech-support" and uploaded & ran a script on our device. Created a ticket with Fortinet and their response was underwhelming: "too bad, restore from backup". How about a more detailed analysis? How about downloading a copy of the script to see what it did? For a 9.6 CVSS that affects more than 100,000 devices worldwide we demand a better response than "too bad, restore from backup". #angry
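One way to triage event logs for the post-compromise sequence this commenter describes (config pulled under the internal process account, a new admin created, then a login as that admin), as an added example that is not part of the thread and not Fortinet's tooling; the key=value field layout and the sample lines are constructed assumptions modelled on FortiOS event logs, not output from any real device:

```python
import re
from typing import Dict, List

# Constructed sample event log lines in an assumed FortiOS-style key=value
# syslog layout (not from any real device). Line 1 is a normal admin backup;
# lines 2-4 mirror the sequence described in the comment above.
SAMPLE_LOGS = """\
date=2022-10-11 time=09:01:12 type="event" subtype="system" logdesc="Config backup" user="admin" ui="https(10.0.5.12)" action="backup" msg="Config backup done"
date=2022-10-11 time=09:05:30 type="event" subtype="system" logdesc="Config backup" user="Local_Process_Access" action="backup" msg="Config backup done"
date=2022-10-11 time=09:07:44 type="event" subtype="system" logdesc="Object attribute configured" user="Local_Process_Access" action="Add" cfgpath="system.admin" cfgobj="fortigate-tech-support" msg="Add system.admin fortigate-tech-support"
date=2022-10-11 time=09:10:02 type="event" subtype="system" logdesc="Admin login successful" user="fortigate-tech-support" ui="ssh(203.0.113.9)" action="login" status="success" msg="Administrator fortigate-tech-support logged in successfully"
"""

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict (quoted values keep their spaces)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def find_indicators(log_text: str) -> List[Dict[str, object]]:
    """Flag config backups or admin changes attributed to Local_Process_Access,
    any new admin account, and logins by admins created in this same window."""
    findings: List[Dict[str, object]] = []
    new_admins = set()
    for n, raw in enumerate(log_text.splitlines(), 1):
        ev = parse_line(raw)
        if not ev:
            continue
        user, action = ev.get("user", ""), ev.get("action", "")
        if user == "Local_Process_Access" and action.lower() in ("backup", "add", "edit", "delete"):
            findings.append({"line": n, "user": user,
                             "reason": f"internal process account performed '{action}'"})
        if ev.get("cfgpath") == "system.admin" and action == "Add":
            new_admins.add(ev.get("cfgobj", ""))
            findings.append({"line": n, "user": ev.get("cfgobj", ""),
                             "reason": "new admin account created"})
        if action == "login" and user in new_admins:
            findings.append({"line": n, "user": user,
                             "reason": "login by an admin created in this log window"})
    return findings


if __name__ == "__main__":
    for f in find_indicators(SAMPLE_LOGS):
        print(f"line {f['line']}: {f['user']}: {f['reason']}")
```

A hit on the first rule alone is worth checking against the device's own change records, since legitimate internal processes also log under that account.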
