Fortinet Announces Major Operating System Vulnerability

by Robinson Roca
Managing Director, Network Infrastructure

Fortinet released a PSIRT (Product Security Incident Response Team) advisory on October 6th announcing a major vulnerability in the FortiGate operating system, FortiOS, with modifications included October 10th. Helient recommends an immediate upgrade for customers running FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1. If you are running any version in the 7.0.x train from 7.0.0 to 7.0.6, you should upgrade to 7.0.7. If you are operating on the 7.2.x train, upgrade to 7.2.2.

Versions outside of the range above are not affected by this vulnerability. Upgrades should be performed immediately; if an upgrade is not possible right now, Fortinet has published a workaround that uses a local-in policy. Helient’s Managed Services team is already performing the upgrades for its clients. If you are not a Helient Managed Services customer, Helient can assist you with upgrading your hardware or with putting the workaround in place. Reach out to Helient if you have any questions or would like further assistance.

Supporting Details:
Fortinet PSIRT: FG-IR-22-377
CVE ID: CVE-2022-40684
Severity: Critical / CVSS: 9.6

https://www.fortiguard.com/psirt/FG-IR-22-072
https://www.tenable.com/blog/cve-2022-40684-critical-authentication-bypass-in-fortios-and-fortiproxy

Helient can provide guidance and assistance in the planning and engineering of Fortinet upgrades. If you would like more information or assistance, please contact our industry-leading experts at service@helient.com.