This week, Fortinet, a provider of cybersecurity solutions, released fixes for a number of flaws affecting a variety of its products, including a high-severity authentication bypass affecting FortiOS and FortiProxy. According to Fortinet, the flaw affects FortiProxy versions 7.0.x, 2.0.x, and 1.2.x as well as FortiOS versions 7.2.x, 7.0.x, 6.4.x, 6.2.x, and 6.0.x.
The FortiOS SSH login component’s authentication bypass was found and is being tracked as CVE-2022-35843 (CVSS score of 7.7). Only Radius authentication can cause the bug to manifest. Versions of FortiProxy (7.0.7 and 2.0.11) and FortiOS (7.2.2, 7.0.8, and 6.4.10) all received patches.