CVE-2022-40684

Description from NVD

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Information Acquisition Date: 2022-10-25T21:33Z

CVSS 2.0: 0.0 (None)
CVSS 3.x: 9.8 (CRITICAL)
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

https://fortiguard.com/psirt/FG-IR-22-377
    source: CONFIRM
    tags: Mitigation, Vendor Advisory
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html
    source: MISC
    tags: Exploit, Third Party Advisory

This vulnerability may involve a PoC.


Software Tag: VPN (4 tweets), iOS (2 tweets)

List of frequently cited URLs

URL                                                               Num of Times Referred to
https://github                                                    976
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...    184
https://cvetrends.com                                             50
http://twinybots.ch                                               25
https://lists.astaro.com/ASGV9-IPS-rules.html#0                   20
https://blog.scrt.ch/2023/03/14/producing-a-poc-for-cve-202...    17
https://www.fortiguard.com/psirt/FG-IR-22-377                     8
http://Horizon3.ai                                                7
https://www.cisa.gov/known-exploited-vulnerabilities-catalog      7
https://thehackernews.com/2022/10/fortinet-warns-of-new-aut...    7
https://securityaffairs.co/wordpress/136905/hacking/cve-202...    7
https://www.bleepingcomputer.com/news/security/fortinet-war...    7
http://Netlas.io                                                  5
https://opsmtrs.com/2ZFbaTl                                       5
https://twitter.com/Gi7w0rm/status/1578299492822003712/photo/1    5
https://attackerkb.com/topics/QWOxGIKkGx/cve-2022-40684/rap...    5
https://www.helpnetsecurity.com/2022/10/11/cve-2022-40684-e...    5
https://www.rapid7.com/blog/post/2022/10/07/cve-2022-40684-...    4
https://tweetedtimes.com/SritaKaren?s=tnp                         4
https://viz.greynoise.io/tag/fortios-authentication-bypass-...    4
https://www.wordfence.com/blog/2022/10/threat-advisory-cve-...    4
https://blog.criminalip.io/2022/11/03/cve-2022-40684/             4
https://securityonline.info/researchers-have-developed-cve-...    4
https://www.securityweek.com/fortinet-confirms-zero-day-vul...    4
https://security.macnica.co.jp/blog/2022/10/fortinetcve-202...    4
https://zpr.io/5pFiWsvhwaTS                                       3
http://tag.name                                                   3
https://github.com/NagliNagli/BountyTricks/blob/main/CVE-20...    3
https://decipher.sc                                               3
http://cyberiqs.com/latestnews                                    3
https://app.netlas.io/responses/?q=tag.name%3A                    3
https://www.ipa.go.jp/security/ciadr/vul/alert20221011.html       3
https://blog.cyble.com/2022/11/24/multiple-organisations-co...    3
https://my.socprime.com/pricing                                   3
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684              3
https://www.tenable.com/blog/cve-2022-40684-critical-authen...    3
https://www.tesorion.nl/nl/posts/fortinet-administrative-au...    3
https://www.truesec.com/hub/blog/fortinet-cve-2022-40684-vu...    3
https://www.fortinet.com/blog/psirt-blogs/update-regarding-...    3
https://www.jpcert.or.jp/at/2022/at220025.html                    3
https://www.secuavail.com/kb/nw-device/fortios-cve-2022-40684     3
https://infosecwriteups.com/cve-2022-40684-new-authenticati...    3
https://blog.segu-info.com.ar/2022/10/vulnerabilidad-critic...    3
https://unaaldia.hispasec.com/2022/10/vulnerabilidad-en-pro...    3

GitHub Search Results (up to 10)

Name                                              URL
horizon3ai/CVE-2022-40684                         https://github.com/horizon3ai/CVE-2022-40684
carlosevieira/CVE-2022-40684                      https://github.com/carlosevieira/CVE-2022-40684
secunnix/CVE-2022-40684                           https://github.com/secunnix/CVE-2022-40684
Chocapikk/CVE-2022-40684                          https://github.com/Chocapikk/CVE-2022-40684
TaroballzChen/CVE-2022-40684-metasploit-scanner   https://github.com/TaroballzChen/CVE-2022-40684-metasploit-scanner
kljunowsky/CVE-2022-40684-POC                     https://github.com/kljunowsky/CVE-2022-40684-POC
qingsiweisan/CVE-2022-40684                       https://github.com/qingsiweisan/CVE-2022-40684
Filiplain/Fortinet-PoC-Auth-Bypass                https://github.com/Filiplain/Fortinet-PoC-Auth-Bypass
jsongmax/Fortinet-CVE-2022-40684                  https://github.com/jsongmax/Fortinet-CVE-2022-40684
Grapphy/fortipwn                                  https://github.com/Grapphy/fortipwn

Score (as of 2023/04/18): 0
Added to Har-sia Database: 2022/10/07
Last Modified: 2023/04/18
Highest Scored Date: 2022/10/14
Highest Score: 231