Fortinet Authentication Bypass – Critical


On 10/6/22 Fortinet announced an authentication bypass vulnerability in their FortiGate and FortiProxy products. This vulnerability would allow an attacker to bypass authentication and access the administrative functions of these devices, and it should be patched immediately.

There have been a few Fortinet-related vulnerabilities over the last couple of years, and organizations are often slow to patch these devices because the process can be disruptive. However, these authentication bypass vulnerabilities are nothing to play with and should be addressed as quickly as possible.

At the moment there are approximately 100,000 of these devices that can be discovered through a Shodan search, so this has the potential to impact a lot of organizations. As is noted in the article linked below, it is unclear how many of those devices have their management portal exposed to the internet; as a best practice, it should not be exposed at all. As a mitigation step for this vulnerability, as well as for future ones, management interfaces should only be reachable from the internal network, and even there access should be limited to the specific administrative hosts that need it.

This vulnerability is being tracked as CVE-2022-40684 and Fortinet has released a patch for it. Get that patch installed ASAP and block external traffic to those management interfaces.
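The mitigation described above, expressed as FortiOS CLI configuration. This is an added example for illustration, not configuration taken from the article or from Fortinet's advisory. The interface name `wan1`, the administrator account name `admin`, and the address ranges are constructed placeholders; substitute your own. The first block shows the exposed configuration, the second the corrected one: administrative protocols are removed from the internet-facing interface with `allowaccess`, and the admin account is pinned to internal management hosts with `trusthost` entries.

```text
# --- Exposed configuration (weak): admin services on the WAN interface ---
# wan1 is a placeholder name for the internet-facing interface.
config system interface
    edit "wan1"
        set allowaccess ping https ssh http
    next
end

# --- Corrected configuration ---
# 1. Remove every administrative protocol from the internet-facing interface.
#    Only ping remains, and it can be dropped too if monitoring does not need it.
config system interface
    edit "wan1"
        set allowaccess ping
    next
end

# 2. Keep HTTPS/SSH management only on an internal interface.
#    "internal" is a placeholder name for the management-side interface.
config system interface
    edit "internal"
        set allowaccess ping https ssh
    next
end

# 3. Restrict the administrator account to specific management hosts.
#    10.10.50.0/24 (a constructed example) is the internal admin network;
#    10.10.50.15 is a single jump host. Logins from any other source address
#    are refused even with valid credentials.
config system admin
    edit "admin"
        set trusthost1 10.10.50.0 255.255.255.0
        set trusthost2 10.10.50.15 255.255.255.255
    next
end
```

After applying a change like this, confirm from an external address that the HTTPS and SSH admin ports no longer answer on the WAN interface, and confirm from an internal host outside the trusted ranges that the login is rejected. Both checks take a minute and catch the common mistake of restricting one interface while leaving another exposed.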

Bleeping Computer: https://www.bleepingcomputer.com/news/security/fortinet-warns-admins-to-patch-critical-auth-bypass-bug-immediately/
