Fortinet has released a patch an advisory on a recent critical authentication bypass vulnerabilities affecting FortiOS, FortiProxy, and FortiSwitchManager.
The auth bypass bug CVE-2022-40684 allows an unauthenticated user to perform administrative functions through maliciously crafted HTTPS requests.
Account owners with affected devices ave been notified early last week prior to their public release to update their products or contact support per the advisory.
Learn more about this vulnerability and Fortinet’s follow-up advisor on proactivately helping customers upgrade and monitoring the exploit.