The Cybersecurity and Infrastructure Security Agency (CISA) has added a Fortinet critical flaw to its known exploited vulnerabilities catalog.
CISA on Tuesday added the flaw to the KEV catalog, a day after Fortinet revealed that an authentication bypass, CVE-2022-40684, which it had patched last week, was already being exploited in the wild.
“Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device’s logs,” Fortinet said.
The firm has released updates for FortiOS, FortiProxy and FortiSwitchManager to address the flaw, which affects several of its security appliances.
“An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.”
For customers that can’t apply the updates immediately, Fortinet has also provided workarounds: disable the HTTP/HTTPS administrative interface, or limit the IP addresses that are allowed to reach it.
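As an added illustration of the second workaround (constructed here, not Fortinet's own advisory text), a FortiOS local-in policy that accepts HTTP/HTTPS to the management interface only from a trusted admin range and denies it from everywhere else; the interface name port1, the address object name and the 10.0.0.0/24 subnet are placeholders to be replaced with the real values.

```text
# Constructed example: restrict HTTP/HTTPS admin access to one trusted subnet.
config firewall address
    edit "admin_subnet"                     # placeholder object name
        set subnet 10.0.0.0 255.255.255.0   # placeholder trusted range
    next
end
config firewall local-in-policy
    edit 1
        set intf "port1"                    # placeholder management interface
        set srcaddr "admin_subnet"
        set dstaddr "all"
        set action accept
        set service HTTPS HTTP
        set schedule "always"
        set status enable
    next
    edit 2
        set intf "any"                      # everything else is denied
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service HTTPS HTTP
        set schedule "always"
        set status enable
    next
end
```

Order matters: the accept rule must precede the catch-all deny, and the trusted range should be confirmed before applying it so the change does not lock administrators out.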
Separately, CISA on Tuesday also added the Windows flaw CVE-2022-41033 to its KEV catalog. Microsoft released an update for it on Tuesday to address an elevation of privilege vulnerability in the Windows COM+ Event System Service. Microsoft confirmed it had been exploited but noted that the vulnerability had not been publicly disclosed.
CISA has ordered federal agencies to apply fixes for both flaws by November 1.
Security researchers with the Horizon3 Attack Team have published early indicators of compromise to help admins discover compromised devices.