CVE-2022-40684
CRITICAL | CISA KEV | 9.8
Description
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 10/18/2022
Last modified: 1/14/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Fortinet
Product: Multiple Products
Vulnerability name: Fortinet Multiple Products Authentication Bypass Vulnerability
KEV date added: 2022-10-11
Remediation due date: 2022-11-01
Ransomware use: Known
Affected products
fortinet:fortios
fortinet:fortiproxy
fortinet:fortiswitchmanager
Weaknesses (CWE)
CWE-287
References
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html (psirt@fortinet.com)
http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html (psirt@fortinet.com)
https://fortiguard.com/psirt/FG-IR-22-377 (psirt@fortinet.com)
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html (af854a3a-2127-422b-91ae-364da2661108)
https://fortiguard.com/psirt/FG-IR-22-377 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.