www.darkreading.com
2606:4700::6811:7863
Public Scan
URL:
https://www.darkreading.com/vulnerabilities-threats/patch-now-fortinet-fortigate-and-fortiproxy-contain-critical-vuln
Submission: On October 12 via api from IN — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
Vulnerabilities/Threats
2 MIN READ
Quick Hits

PATCH NOW: FORTINET FORTIGATE & FORTIPROXY CONTAIN CRITICAL VULN

The bug is under active exploitation; Fortinet issued a customer advisory urging customers to apply its update immediately.

Dark Reading Staff, Dark Reading
October 07, 2022
Source: Tatiana Popova via Shutterstock

UPDATE

A Fortinet bug disclosed last week is now under active exploitation.

Fortinet on Friday warned that users of its FortiGate firewall and FortiProxy Web proxies should apply the latest updates to their products ASAP due to a critical vulnerability that could allow an attacker to bypass authentication to the products' administration interfaces. On Monday, the security firm updated the advisory to note that it's now aware of instances of the bug being exploited in the wild.

An exploit would in effect give an attacker administrative control of the network devices. The flaw, CVE-2022-40684, affects FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1, and FortiProxy versions 7.0.0 to 7.0.6 and 7.2.0, and could allow an attacker to use "specially crafted HTTP or HTTPS requests" to execute admin operations, according to Fortinet.

"Due to the ability to exploit this issue remotely Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," Fortinet said in its advisory, which was cited on Twitter.

SANS Internet Storm Center (ISC), which reported the advisory, provided additional advice: "If you have Fortinet products managed by a 3rd party, we also recommended you to cross-check with them to ensure the upgrade will be performed," SANS Internet Storm Center handler Xavier Mertens said in a post in the ISC Diary.

“We are committed to the security of our customers. Fortinet recently distributed a PSIRT advisory (FG-IR-22-377) that details mitigation guidance for customers and recommended next steps," according to a Fortinet media statement. "We continue to monitor the situation and have been proactively communicating to customers, strongly urging them to immediately follow the guidance provided in connection with CVE-2022-40684.”

This article was updated at 2 p.m. on Oct. 10 to include information on the bug's active exploitation in the wild, and at 11 a.m. Oct. 11 to include Fortinet's media statement.
Copyright © 2022 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.