Fortinet Warns Against Active Exploitation of Newly Discovered Critical Auth Bypass Fault
On Monday, Fortinet announced that the newly patched critical vulnerability affecting its firewall and proxy products is being actively exploited in the wild.
The flaw, tracked as CVE-2022-40684 (CVSS score: 9.6), relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the management interface via specially crafted HTTP(S) requests.
