Security appliance vendor Fortinet has become the subject of a bug report by its own FortiGuard Labs after the discovery of a critical-rated flaw in three of its products.
CVE-2022-40684 is rated 9.6/10 on the Common Vulnerability Scoring System (CVSS), meaning it is considered a critical flaw worthy of immediate attention.
FortiGuard’s advisory explains why the flaw scored so highly, revealing it’s an authentication bypass present in FortiOS, FortiProxy, and FortiSwitchManager.
FortiOS is the operating system for Fortinet’s security appliances, FortiProxy is the company’s secure web proxy, and FortiSwitchManager manages Fortinet’s Ethernet switches.