Connect with us
Categories:
X

Technology

Important authentication flaw in Fortinet products actively used in the wild

Published

on

Important authentication flaw in Fortinet products actively used in the wild
Share this post:

Fortinet is urging customers to patch a critical authentication bypass vulnerability that has already been exploited in the wild.

Earlier this month, the networking vendor patched the bug, CVE-2022-40684, found in its FortiOS network operating system, FortiProxy secure web proxy, and FortiSwitchManager management platform projects.

The vulnerability allows an unauthenticated attacker to add an SSH key to the admin user, enabling potential miscreants to hack the administrative interface using specially crafted HTTP or HTTPS requests.

The issue affects FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1, FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0, and FortiSwitchManager versions 7.0.0 and 7.2.0.

Customers were notified via email and advised to update vulnerable devices to FortiOS 7.0.7 or 7.2.2 and above, FortiProxy 7.0.7 or 7.2.1 and above, and FortiSwitchManager 7.2.1 or above earlier this month. Those that can’t, said Fortinet, should immediately disable internet-facing HTTPS Administration interfaces.

After the patch was released, Horizon3.ai published proof-of-concept code for exploiting the vulnerability.

“An attacker can use this vulnerability to do just about anything they want to the vulnerable system. This includes changing network configurations, adding new users, and initiating packet captures,” it warned.

“Note that this is not the only way to exploit this vulnerability and there may be other sets of conditions that work. For instance, a modified version of this exploit uses the User-Agent ‘Node.js’.”

Axis of exploit

Meanwhile, cybersecurity firm Cyfirma warned that attackers are scanning for and attempting to exploit the vulnerability in the wild.

“Our intelligence research community observed Iranian and Chinese threat actors abusing the vulnerabilities of Fortinet products,” it said. “The suspected threat actors are US17IRGCorp aka APT34, HAFNIUM, and its affiliates in the ongoing campaign.”

Cyfirma warned that Iranian cybercriminals appear to be colluding with Chinese groups and Russian cybercriminals as part of the campaign, with the aim of supporting Russia’s offensive in Ukraine.

Dark web forum discussions, according to Cyfirma, have focused on exploiting weakness in enterprise networks that rely of Fortinet’s technologies, manipulator-in-the-middle (MITM) attacks, potential ransomware attacks, and lateral movement to hack deeper in the network of compromised organizations.

Patching advice reiterated

In response to the detection of attacks in the wild, Fortinet issued a further advisory, stressing the increased seriousness of the situation.

“Fortinet is aware of instances where this vulnerability was exploited to download the config file from the targeted devices, and to add a malicious super_admin account called ‘fortigate-tech-support’,” it said, before reiterating its advice for customers to update.

However, four days later, it appeared that many affected organizations had still failed to patch their systems, leading to yet another warning from Fortinet.

“After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party of PoC code, there is active exploitation of this vulnerability,” it said.

In a statement for The Daily Swig, the company adds: “As part of our commitment to the security of our customers, we continue to proactively reach out to strongly urge them to immediately follow the guidance provided in our October 10 PSIRT Advisory (FG-IR-22-377), as we continue monitoring the situation.”


Get More Stories Like This On: Facebook: @AllNaijaEntertainment, Twitter: @AllNaijaEntertainment

Cryptocurrency
Technology5 hours ago

Meaning and Uses for Tether Crypto Explained

Bitcoin Cryptocurrency
Technology4 weeks ago

Have A Brief Idea About Bitcoin Mining And Its Operation

Mark Your Calendars For These 4 Premier Sporting Events Of 2023
Sports1 month ago

Mark Your Calendars For These 4 Premier Sporting Events Of 2023

How To Safeguard Your Crypto Wallet?
Technology2 months ago

How To Safeguard Your Crypto Wallet?

Angry youths chase Elumelu away as they disrupt PDP campaign in Delta
News2 months ago

Angry youths chase Elumelu away as they disrupt PDP campaign in Delta

Lai Mohammed
News2 months ago

FG recovers over N120bn from proceeds of crime – Lai Mohammed

News2 months ago

Tinubu says Peter Obi, Atiku lack track record to be president

Atiku Abubakar
News2 months ago

Plateau PDP set to receive Atiku

Peter Obi praises Gov Uzodimma’s leadership style
News2 months ago

Peter Obi praises Gov Uzodimma’s leadership style

Entertainment2 months ago

‘Free Mind’ by Tems enters 20th week on Billboard Hot 100

Kizz Daniel
Entertainment2 months ago

Buga by Kizz Daniel is the most searched song in Nigeria in 2022

News2 months ago

NJC Reinstates Justice Ofili-Ajumogobia As Judge Of Federal High Court

Man sentenced to 21 years in prison for stealing Lady Gaga's dogs
Entertainment2 months ago

Man sentenced to 21 years in prison for stealing Lady Gaga’s dogs

NNPC Ltd to disclose new asset base – Kyari
News2 months ago

Nigeria Records ₦‎16 Trillion Worth Of Crude Oil In 9 Months

Entertainment2 months ago

Broda Shaggi begs African fathers to hug their children

News2 months ago

Chatham House: APC slams Dele Momodu over comment on Tinubu

News2 months ago

Samuel Eto’o Apologises After Physically Attacking YouTuber

News2 months ago

N-Power Fraud: D’banj Arrested & Detained – ICPC Confirms, Releases Statement

News2 months ago

FG: Second Niger Bridge will open to traffic Dec 15

News2 months ago

2023 Polls Won’t Mar Nigeria – Sultan, CAN, SGF

Education2 months ago

ASUU Strike: CONUA threatens to sue FG over withheld salaries

Sports2 months ago

Eden Hazard announce retirement from international football

News2 months ago

2023: APC Has Failed Northerners, Muslim-Muslim Ticket Won’t Work – Shagari

News2 months ago

Teleprompters In Sight As Tinubu Spoke At Chatham House – Jaafar Shares Photo

Buhari
News2 months ago

2023: No manipulations of any form will be allowed, Buhari vows

News2 months ago

Kano Hisbah to destroy 18,000 bottles of beer

Entertainment2 months ago

Emancipation: Will Smith pulls you in with gritty realities of slavery era[Review]

Will Smith hopes ‘brutal’ depictions of slavery in Emancipation are ‘not in vain’, as he attends premiere in London
Entertainment2 months ago

I became more alive by facing my pain – Will Smith

Luis Enrique
Sports2 months ago

Spain manager full of praise for his players despite shock Morocco loss

Goncalo Ramos
Sports2 months ago

Goncalo Ramos reacts after taking Cristiano Ronaldo’s place in Portugal team

Frank Leboeuf
Sports2 months ago

Frank Leboeuf aims bizarre dig at Kieran Trippier

Sports2 months ago

Can the Three Lions outsmart France’s unstoppable star player?

Horoscope2 months ago

Your daily horoscope for Wednesday, December 7, 2022

Sports2 months ago

FIFA World Cup 2022: Goncalo Ramos nets first hat-trick of 2022 FIFA World Cup as Portugal trash Switzerland

Sports2 months ago

FIFA World Cup 2022: Yassine Bono the hero as Morocco knocks Spain out of World Cup

Godwin Emefiele
News2 months ago

CBN Drops ATM Withdrawal Limit To ₦‎20k/Day

TikTok logo
News2 months ago

‘TikTok Challenge’ Circulates Info-Stealing Malware – NCC

DOWNLOAD Complete Wednesday (TV series) (2022 film) Season 1 Subtitles File [English SRT] 2022
Movie Subtitle2 months ago

DOWNLOAD Complete Wednesday (TV series) (2022 film) Season 1 Subtitles File [English SRT] 2022

The vast network of antennas will form the world’s largest radio telescope
Technology2 months ago

The largest radio telescope in the world’s construction gets underway

News2 months ago

FG releases new curriculum for universities in Nigeria

ANE Billboard Hots