← Retour aux CVEs
CVE-2022-40684
CRITICALCISA KEV9.8
Description
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/18/2022
Derniere modification1/14/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurFortinet
ProduitMultiple Products
Nom vulnerabiliteFortinet Multiple Products Authentication Bypass Vulnerability
Date ajout KEV2022-10-11
Date limite remediation2022-11-01
Utilise dans ransomwareKnown
Produits affectes
fortinet:fortiosfortinet:fortiproxyfortinet:fortiswitchmanager
Faiblesses (CWE)
CWE-287CWE-287
References
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html(psirt@fortinet.com)
http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html(psirt@fortinet.com)
https://fortiguard.com/psirt/FG-IR-22-377(psirt@fortinet.com)
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html(af854a3a-2127-422b-91ae-364da2661108)
https://fortiguard.com/psirt/FG-IR-22-377(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.