← Voltar para CVEs
CVE-2022-40684
CRITICALCISA KEV9.8
Descricao
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/18/2022
Ultima modificacao1/14/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorFortinet
ProdutoMultiple Products
Nome da vulnerabilidadeFortinet Multiple Products Authentication Bypass Vulnerability
Data inclusao KEV2022-10-11
Prazo de remediacao2022-11-01
Uso em ransomwareKnown
Produtos afetados
fortinet:fortiosfortinet:fortiproxyfortinet:fortiswitchmanager
Fraquezas (CWE)
CWE-287CWE-287
Referencias
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html(psirt@fortinet.com)
http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html(psirt@fortinet.com)
https://fortiguard.com/psirt/FG-IR-22-377(psirt@fortinet.com)
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html(af854a3a-2127-422b-91ae-364da2661108)
https://fortiguard.com/psirt/FG-IR-22-377(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.