CVE-2022-40684
Fortinet Multiple Products Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 23
Exploited in Wild: Yes
Decision
Descriptions
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS versions 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and versions 7.0.0 through 7.0.6, and FortiSwitchManager versions 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Fortinet FortiOS, FortiProxy, and FortiSwitchManager version 7.2.1 suffers from an authentication bypass vulnerability.
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2022-09-14 CVE Reserved
- 2022-10-11 Exploited in Wild
- 2022-10-13 First Exploit
- 2022-10-18 CVE Published
- 2022-11-01 KEV Due Date
- 2024-10-23 CVE Updated
- 2024-11-13 EPSS Updated
CWE
- CWE-287: Improper Authentication
CAPEC
References (26)
URL | Tag | Source
---|---|---
https://www.fortiguard.com/psirt/FG-IR-22-377 | |
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684 | |

URL | Date | SRC
---|---|---
https://fortiguard.com/psirt/FG-IR-22-377 | 2024-06-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Fortinet | Fortiproxy | >= 7.0.0 < 7.0.7 | - | Affected
Fortinet | Fortiproxy | 7.2.0 | - | Affected
Fortinet | Fortiswitchmanager | 7.0.0 | - | Affected
Fortinet | Fortiswitchmanager | 7.2.0 | - | Affected
Fortinet | Fortios | >= 7.0.0 < 7.0.7 | - | Affected
Fortinet | Fortios | >= 7.2.0 < 7.2.2 | - | Affected