CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy


An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Exploitation Status:

Fortinet recommends immediately validating systems against the following indicator of compromise in the device’s logs:
user="Local_Process_Access"

Affected Products
FortiOS version 7.2.0 through 7.2.1
FortiOS version 7.0.0 through 7.0.6
FortiProxy version 7.2.0
FortiProxy version 7.0.0 through 7.0.6
FortiSwitchManager version 7.2.0
FortiSwitchManager version 7.0.0

IP List:


Workaround:
A workaround is available at https://www.fortiguard.com/psirt/FG-IR-22-377

Solutions
Please upgrade to FortiOS version 7.2.2 or above
Please upgrade to FortiOS version 7.0.7 or above
Please upgrade to FortiProxy version 7.2.1 or above
Please upgrade to FortiProxy version 7.0.7 or above
Please upgrade to FortiSwitchManager version 7.2.1 or above

Reference:
https://www.fortiguard.com/psirt/FG-IR-22-377
