⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-11-01.

CVE-2022-40684

CWE-287 — Improper Authentication CWE-288 CWE-306 — Missing Authentication18 documents13 sources

Severity

9.8CRITICAL

EPSS

94.4%

top 0.02%

CISA KEV

KEVRansomware

Added 2022-10-11

Due 2022-11-01

Exploit

Exploited in wild

Active exploitation observed

Affected products

Fortinet Fortios Fortinet Fortiproxy Fortinet Fortiswitchmanager

Timeline

KEV addedOct 11

PublishedOct 18

KEV dueNov 1

Latest updateApr 16

CISA Required Action: Apply updates per vendor instructions.

Description

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDfortinet/fortios7.0.0 — 7.0.7+1

▶NVDfortinet/fortiproxy7.0.0 — 7.0.7+1

▶NVDfortinet/fortiswitchmanager7.0.0, 7.2.0+1

🔴Vulnerability Details

GHSA

GHSA-m3wm-rjvf-m778: An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7↗2022-10-18

▶

CVEList

CVE-2022-40684: An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7↗2022-10-18

▶

VulnCheck

Fortinet Multiple Products Authentication Bypass Vulnerability↗2022

▶

💥Exploits & PoCs

Exploit-DB

Fortinet FortiOS_ FortiProxy_ and FortiSwitchManager 7.2.0 - Authentication bypass↗2025-04-16

▶

Exploit-DB

FortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass↗2023-03-27

▶

Nuclei

FortiOS Admin Login Panel - Detect

▶

Nuclei

Fortinet - Authentication Bypass

▶

🔍Detection Rules

Suricata

ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Config Leaked (CVE-2022-40684)↗2022-10-20

▶

Suricata

ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Administrative Details Leaked (CVE-2022-40684)↗2022-10-17

▶

Suricata

ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - SSH Key Upload (CVE-2022-40684)↗2022-10-17

▶

Suricata

ET WEB_SERVER [Cluster25] FortiOS Auth Bypass Attempt (CVE-2022-40684)↗2022-10-12

▶

📋Vendor Advisories

Fortinet

Authentication bypass in administrative interface↗2022-10-18

▶

CISA

Fortinet Multiple Products Authentication Bypass Vulnerability↗2022-10-11

▶

🕵️Threat Intelligence

Fortinet

Update Regarding CVE-2022-40684 | Fortinet Blog↗2022-10-14

▶

Threat Intel

Belsen Group

▶