Fortinet has identified a critical authentication bypass vulnerability in the administrative interface of its products running FortiOS, FortiProxy and FortiSwitch Manager, allowing an attacker to perform unauthorised operations or execute commands.
CVE-2022-40684 allows unauthorised execution of commands on Fortinet products running FortiOS (FortiGate firewalls), FortiProxy (web proxies) and FortiSwitch Manager.
Affected versions include:
An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. The exploit can be used with any HTTP method (GET, POST, PUT, DELETE, etc). Additionally, the REST API request failing is not an indication that an attacker was unsuccessful.
There are working PoCs in the wild for this vulnerability.
The vulnerability has been patched in the following versions of the affected products:
If the REST API is enabled on the affected device, it is recommended to check the device logs for:
Note: a system configured for production use may naturally produce logs that match these IOCs. However, we would not expect these IOCs to match log entries whose URLs target sensitive REST API endpoints.
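To illustrate the note above, here is an added triage helper (not from AARNet or Fortinet) that parses FortiOS-style key=value log lines and escalates only when an IOC field value coincides with a REST API URL, the combination the advisory says a healthy device should not produce. The IOC values are placeholders to be replaced with those from Fortinet's advisory; the field names `user`, `user_interface` and `url` and the `/api/v2/` prefix are assumptions.

```python
import re
from typing import Dict, Iterable, List

# key=value or key="quoted value" pairs, as written in FortiOS event logs.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Placeholders for the IOC values listed in Fortinet's advisory; the real
# values are deliberately not reproduced here and must be substituted.
IOC_USERS = {"IOC_USER_PLACEHOLDER"}
IOC_INTERFACES = {"IOC_INTERFACE_PLACEHOLDER"}

# Assumption: URLs under this prefix are FortiOS REST API endpoints and are
# treated as sensitive for triage purposes. Tune to your environment.
REST_API_PREFIX = "/api/v2/"


def parse_fortios_log(line: str) -> Dict[str, str]:
    """Parse one FortiOS key=value log line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def classify(line: str) -> str:
    """Return 'alert' (IOC value AND REST API URL: the combination the advisory
    says should not occur normally), 'review' (IOC value on a non-API URL,
    possibly benign system activity) or 'ok' (no IOC value present)."""
    f = parse_fortios_log(line)
    ioc_hit = f.get("user") in IOC_USERS or f.get("user_interface") in IOC_INTERFACES
    if not ioc_hit:
        return "ok"
    return "alert" if f.get("url", "").startswith(REST_API_PREFIX) else "review"


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Bucket a batch of log lines by classification."""
    buckets: Dict[str, List[str]] = {"alert": [], "review": [], "ok": []}
    for line in lines:
        buckets[classify(line)].append(line)
    return buckets


# Constructed sample lines (not real device output); values are invented and
# the placeholders stand in for the advisory's real indicators.
SAMPLE_LOGS = [
    'type="event" user="IOC_USER_PLACEHOLDER" user_interface="IOC_INTERFACE_PLACEHOLDER" '
    'method="PUT" srcip=203.0.113.7 url="/api/v2/cmdb/example"',
    'type="event" user="IOC_USER_PLACEHOLDER" user_interface="IOC_INTERFACE_PLACEHOLDER" '
    'method="GET" srcip=127.0.0.1 url="/internal/report"',
    'type="event" user="admin" user_interface="GUI(192.0.2.10)" '
    'method="GET" srcip=192.0.2.10 url="/api/v2/monitor/system/status"',
]
```

Running `triage(SAMPLE_LOGS)` places the first line in `alert`, the second in `review` and the third in `ok`; only the `alert` bucket warrants incident handling, the `review` bucket is for the benign-match case the note describes.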
Disable the HTTP/HTTPS administrative interface
Limit IP addresses that can reach the administrative interface:
Create a local-in policy that restricts access to the predefined group on the management interface (here: port1):