9.8

CVE-2022-40684

Warnung
Medienbericht
Exploit
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiProxy Version >= 7.0.0 < 7.0.7
FortinetFortiProxy Version7.2.0
FortinetFortiSwitch Manager Version7.0.0
FortinetFortiSwitch Manager Version7.2.0
FortinetFortiOS Version >= 7.0.0 < 7.0.7
FortinetFortiOS Version >= 7.2.0 < 7.2.2

11.10.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Fortinet Multiple Products Authentication Bypass Vulnerability

Schwachstelle

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.98% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@fortinet.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
26.06.2026 21:08
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
14.11.2025 08:50
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html
Third Party Advisory
Exploit
VDB Entry
https://fortiguard.com/psirt/FG-IR-22-377
Vendor Advisory
Mitigation
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684
US Government Resource