M247 Security Alert

Start: Fri, Oct 7th 2022, 18:00
End: Fri, Oct 21st 2022, 22:00

Dear Customer,

You are receiving this notice as an M247 customer using Fortinet firewall devices. We have been made aware of a security vulnerability that we are obliged to bring to your attention.

CVE-2022-40684 - Urgent Security Notification - Authentication Bypass Vulnerability in FortiOS and FortiProxy

On 6th October 2022, Fortinet released a Critical Vulnerability Notification to all customers/suppliers/vendors of their products. It describes an Authentication Bypass Vulnerability affecting the following products and OS versions:

FortiOS: from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
FortiProxy: from 7.0.0 to 7.0.6 and 7.2.0

Fortinet are urging all M247 customers to update to FortiOS/FortiProxy versions 7.0.7 or 7.2.2.

M247 will be working closely with Fortinet and its firewall customers to implement a suitable fix for each device, and will ensure your organisation is contacted as soon as possible to arrange mitigation.

In the meantime, we have been made aware that Fortinet have recommended restricting the IP addresses that can reach the administrative interface. This can be achieved by using a local-in policy.

More information on how to complete this can be found at Cookbook | FortiGate / FortiOS 6.2.10 | Fortinet Documentation Library
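
As an added illustration (not part of the original M247 notice and not copied from Fortinet), a local-in policy restricting HTTP/HTTPS administrative access could look like the FortiOS CLI fragment below. The interface name port1, the object names and the 192.0.2.0/24 management range are assumptions to be replaced with your own values; lines beginning with # are annotations for the reader and should be left out when entering the commands.

```fortios
# Address object for the hosts allowed to manage the device
# (192.0.2.0/24 is a documentation range used here as a placeholder).
config firewall address
    edit "mgmt_allowed_hosts"
        set subnet 192.0.2.0 255.255.255.0
    next
end

# Group the allowed sources so further ranges can be added later.
config firewall addrgrp
    edit "MGMT_IPs"
        set member "mgmt_allowed_hosts"
    next
end

config firewall local-in-policy
    # Policy 1: allow the administrative GUI/API only from MGMT_IPs
    # on the assumed management interface port1.
    edit 1
        set intf "port1"
        set srcaddr "MGMT_IPs"
        set dstaddr "all"
        set action accept
        set service HTTPS HTTP
        set schedule "always"
        set status enable
    next
    # Policy 2: deny the same services from every other source.
    # Local-in policies are evaluated in order, so this must follow
    # the accept rule.
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service HTTPS HTTP
        set schedule "always"
        set status enable
    next
end
```

If the administrative interface listens on non-default ports, the built-in HTTPS and HTTP service objects will not match it and custom service objects for those ports are needed instead. Confirm that your own source address falls inside the allowed range before applying the deny rule, to avoid locking yourself out.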

This is a live vulnerability, and we are working quickly to review the risk and the mitigation needed for each customer. We will communicate at the right time to ensure this is resolved promptly.

If you have any queries, please contact M247.

M247 Support