CVE-2022-40684

Description from NVD

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6, and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
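The description above lists three products with different affected ranges, and the first thing a practitioner needs from it is a repeatable "is this device in scope?" check over an asset inventory. The script below is an added example, not code from the page, from NVD or from Fortinet: it encodes exactly the ranges stated in the description (inclusive bounds) and nothing else. The version-string forms it accepts (`7.0.5`, `v7.2.1`, `v7.0.6,build0366`) and the sample inventory are assumptions constructed for the example; fixed releases are not stated on this page and are deliberately not encoded.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as listed in the NVD description for CVE-2022-40684
# (inclusive lower and upper bounds). Fixed releases are not stated on this
# page and are deliberately not encoded here.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS": [((7, 2, 0), (7, 2, 1)), ((7, 0, 0), (7, 0, 6))],
    "FortiProxy": [((7, 2, 0), (7, 2, 0)), ((7, 0, 0), (7, 0, 6))],
    "FortiSwitchManager": [((7, 2, 0), (7, 2, 0)), ((7, 0, 0), (7, 0, 0))],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract major.minor.patch from strings such as '7.0.5', 'v7.2.1' or
    'v7.0.6,build0366'. The accepted string forms are an assumption of this
    example; a trailing build tag is ignored."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version_text: str) -> bool:
    """True when product/version falls inside one of the listed ranges.
    Unknown products and versions outside every range return False, so a
    False result means 'not listed as affected', not 'known safe'."""
    ranges = AFFECTED.get(product, [])
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in ranges)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, bool]]:
    """Annotate (hostname, product, version) rows with an affected flag."""
    return [(host, product, ver, is_affected(product, ver)) for host, product, ver in inventory]


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample = [
        ("fw-edge-01", "FortiOS", "v7.0.6,build0366"),
        ("fw-edge-02", "FortiOS", "v7.0.7,build0367"),
        ("proxy-01", "FortiProxy", "7.2.0"),
        ("fsm-01", "FortiSwitchManager", "7.2.1"),
        ("fw-branch-01", "FortiOS", "6.4.9"),
    ]
    for host, product, ver, hit in triage(sample):
        print(f"{host:14} {product:20} {ver:18} {'AFFECTED' if hit else 'not listed'}")
```

Note the asymmetry the ranges encode: FortiOS 7.2.1 is affected but FortiProxy 7.2.1 is not, and FortiSwitchManager is only listed at the two x.y.0 releases, so a check that collapses all three products into one range would produce both false positives and false negatives.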

Information Acquisition Date: 2022-10-25T21:33Z
CVSS 2.0: 0.0 None (no CVSS 2.0 score was assigned)
CVSS 3.x: 9.8 CRITICAL

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

https://fortiguard.com/psirt/FG-IR-22-377
    Source: CONFIRM; Tags: Mitigation, Vendor Advisory
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html
    Source: MISC; Tags: Exploit, Third Party Advisory

This vulnerability may involve a PoC.




List of frequently cited URLs

URL    Times referred to
https://github    976
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...    184
https://cvetrends.com    49
http://twinybots.ch    26
https://lists.astaro.com/ASGV9-IPS-rules.html#0    20
https://securityaffairs.co/wordpress/136905/hacking/cve-202...    19
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684    10
http://Horizon3.ai    9
https://thehackernews.com/2022/10/fortinet-warns-of-new-aut...    9
https://github.com/NagliNagli/BountyTricks/blob/main/CVE-20...    8
https://blog.cyble.com/2022/11/24/multiple-organisations-co...    8
https://www.cisa.gov/known-exploited-vulnerabilities-catalog    7
https://www.bleepingcomputer.com/news/security/fortinet-war...    7
https://www.jpcert.or.jp/at/2022/at220025.html    6
http://Netlas.io    5
https://opsmtrs.com/2ZFbaTl    5
https://attackerkb.com/topics/QWOxGIKkGx/cve-2022-40684/rap...    5
https://www.helpnetsecurity.com/2022/10/11/cve-2022-40684-e...    5
https://www.rapid7.com/blog/post/2022/10/07/cve-2022-40684-...    4
https://tweetedtimes.com/SritaKaren?s=tnp    4
https://viz.greynoise.io/tag/fortios-authentication-bypass-...    4
https://www.fortinet.com/blog/psirt-blogs/update-regarding-...    4
https://www.wordfence.com/blog/2022/10/threat-advisory-cve-...    4
https://blog.criminalip.io/2022/11/03/cve-2022-40684/    4
https://www.fortiguard.com/psirt/FG-IR-22-377    4
https://securityonline.info/researchers-have-developed-cve-...    4
https://www.securityweek.com/fortinet-confirms-zero-day-vul...    4
https://security.macnica.co.jp/blog/2022/10/fortinetcve-202...    4
https://zpr.io/5pFiWsvhwaTS    3
http://tag.name    3
https://decipher.sc    3
https://twitter.com/Gi7w0rm/status/1578299492822003712/photo/1    3
http://cyberiqs.com/latestnews    3
https://app.netlas.io/responses/?q=tag.name%3A    3
https://www.ipa.go.jp/security/ciadr/vul/alert20221011.html    3
https://my.socprime.com/pricing    3
https://www.tenable.com/blog/cve-2022-40684-critical-authen...    3
https://www.tesorion.nl/nl/posts/fortinet-administrative-au...    3
https://www.truesec.com/hub/blog/fortinet-cve-2022-40684-vu...    3
https://www.secuavail.com/kb/nw-device/fortios-cve-2022-40684    3
https://infosecwriteups.com/cve-2022-40684-new-authenticati...    3
https://blog.segu-info.com.ar/2022/10/vulnerabilidad-critic...    3
https://unaaldia.hispasec.com/2022/10/vulnerabilidad-en-pro...    3





GitHub Search Results (up to 10)

Name    URL
horizon3ai/CVE-2022-40684 https://github.com/horizon3ai/CVE-2022-40684
carlosevieira/CVE-2022-40684 https://github.com/carlosevieira/CVE-2022-40684
secunnix/CVE-2022-40684 https://github.com/secunnix/CVE-2022-40684
Chocapikk/CVE-2022-40684 https://github.com/Chocapikk/CVE-2022-40684
TaroballzChen/CVE-2022-40684-metasploit-scanner https://github.com/TaroballzChen/CVE-2022-40684-metasploit-scanner
kljunowsky/CVE-2022-40684-POC https://github.com/kljunowsky/CVE-2022-40684-POC
qingsiweisan/CVE-2022-40684 https://github.com/qingsiweisan/CVE-2022-40684
Filiplain/Fortinet-PoC-Auth-Bypass https://github.com/Filiplain/Fortinet-PoC-Auth-Bypass
jsongmax/Fortinet-CVE-2022-40684 https://github.com/jsongmax/Fortinet-CVE-2022-40684
Grapphy/fortipwn https://github.com/Grapphy/fortipwn


Score (2022/12/02): 1
Added to Har-sia Database: 2022/10/07
Last Modified: 2022/12/02
Highest Scored Date: 2022/10/14
Highest Score: 231