Vulnerability-Lookup

CVE-2022-40684 (GCVE-0-2022-40684)

Vulnerability from cvelistv5 – Published: 2022-10-18 00:00 – Updated: 2026-01-12 21:20

CISA KEV

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

CWE

Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

	https://fortiguard.com/psirt/FG-IR-22-377
	http://packetstormsecurity.com/files/169431/Forti…
	http://packetstormsecurity.com/files/171515/Forti…

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiOS, FortiProxy, FortiSwitchManager	Affected: FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiSwitchManager 7.2.0, 7.0.0

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 7d5078d2-9fc2-443b-952b-331db33a6a5e

Vulnerability ID: CVE-2022-40684

Status: Confirmed

Status Updated: 2022-10-11 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2022-10-11

Asserted: 2022-10-11

Scope

Notes: KEV entry: Fortinet Multiple Products Authentication Bypass Vulnerability | Affected: Fortinet / Multiple Products | Description: Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-01 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-22-377; https://nvd.nist.gov/vuln/detail/CVE-2022-40684

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-288
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Multiple Products
Due Date	2022-11-01
Date Added	2022-10-11
Vendorproject	Fortinet
Vulnerabilityname	Fortinet Multiple Products Authentication Bypass Vulnerability
Knownransomwarecampaignuse	Known

References

CVE-2022-40684

Created: 2026-02-02 12:27 UTC | Updated: 2026-02-02 12:27 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:21:46.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-377"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40684",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:27:43.070187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-10-11",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-12T21:20:08.364Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiOS, FortiProxy, FortiSwitchManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiSwitchManager 7.2.0, 7.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 9.6,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-27T00:00:00.000Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "url": "https://fortiguard.com/psirt/FG-IR-22-377"
        },
        {
          "url": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-40684",
    "datePublished": "2022-10-18T00:00:00.000Z",
    "dateReserved": "2022-09-14T00:00:00.000Z",
    "dateUpdated": "2026-01-12T21:20:08.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-40684",
      "cwes": "[\"CWE-288\"]",
      "dateAdded": "2022-10-11",
      "dueDate": "2022-11-01",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://www.fortiguard.com/psirt/FG-IR-22-377;  https://nvd.nist.gov/vuln/detail/CVE-2022-40684",
      "product": "Multiple Products",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",
      "vendorProject": "Fortinet",
      "vulnerabilityName": "Fortinet Multiple Products Authentication Bypass Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-11-01",
      "cisaExploitAdd": "2022-10-11",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Fortinet Multiple Products Authentication Bypass Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.0.7\", \"matchCriteriaId\": \"B778AD94-D279-42B4-A062-8231F14936B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5F302F8-482A-4DA9-BDD9-63886B202B52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B4A6B0D-1614-443B-8EBA-A8FBC2E1A832\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B73D78B-2270-45B7-854E-F985B8D88F3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.0.7\", \"matchCriteriaId\": \"A86B1AB3-F33E-461C-A19C-C3A51B47AC5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2.0\", \"versionEndExcluding\": \"7.2.2\", \"matchCriteriaId\": \"B2DDB271-0A73-4C94-B3CE-B766E99898C0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.\"}, {\"lang\": \"es\", \"value\": \"Una omisi\\u00f3n de autenticaci\\u00f3n usando una ruta o canal alternativo [CWE-288] en Fortinet FortiOS versi\\u00f3n versiones 7.2.0 hasta 7.2.1 y 7.0.0 hasta 7.0.6, FortiProxy versi\\u00f3n 7.2.0 y versiones 7.0.0 hasta 7.0.6 y FortiSwitchManager versi\\u00f3n 7.2.0 y 7.0.0, permite a un atacante no autenticado llevar a cabo operaciones en la interfaz administrativa por medio de peticiones HTTP o HTTPS especialmente dise\\u00f1adas\"}]",
      "id": "CVE-2022-40684",
      "lastModified": "2024-11-21T07:21:51.170",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2022-10-18T14:15:09.747",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-22-377\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-22-377\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-40684\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2022-10-18T14:15:09.747\",\"lastModified\":\"2026-01-14T19:19:58.407\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.\"},{\"lang\":\"es\",\"value\":\"Una omisi\u00f3n de autenticaci\u00f3n usando una ruta o canal alternativo [CWE-288] en Fortinet FortiOS versi\u00f3n versiones 7.2.0 hasta 7.2.1 y 7.0.0 hasta 7.0.6, FortiProxy versi\u00f3n 7.2.0 y versiones 7.0.0 hasta 7.0.6 y FortiSwitchManager versi\u00f3n 7.2.0 y 7.0.0, permite a un atacante no autenticado llevar a cabo operaciones en la interfaz administrativa por medio de peticiones HTTP o HTTPS especialmente dise\u00f1adas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2022-10-11\",\"cisaActionDue\":\"2022-11-01\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Fortinet Multiple Products Authentication Bypass Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.7\",\"matchCriteriaId\":\"B778AD94-D279-42B4-A062-8231F14936B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5F302F8-482A-4DA9-BDD9-63886B202B52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4A6B0D-1614-443B-8EBA-A8FBC2E1A832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B73D78B-2270-45B7-854E-F985B8D88F3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.7\",\"matchCriteriaId\":\"A86B1AB3-F33E-461C-A19C-C3A51B47AC5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.2\",\"matchCriteriaId\":\"B2DDB271-0A73-4C94-B3CE-B766E99898C0\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-377\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-377\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-377\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:21:46.541Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-40684\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T13:27:43.070187Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-10-11\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T13:27:59.005Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C\", \"temporalScore\": 9.6, \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"remediationLevel\": \"UNAVAILABLE\", \"reportConfidence\": \"CONFIRMED\", \"temporalSeverity\": \"CRITICAL\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"exploitCodeMaturity\": \"FUNCTIONAL\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"Fortinet FortiOS, FortiProxy, FortiSwitchManager\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiSwitchManager 7.2.0, 7.0.0\"}]}], \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-377\"}, {\"url\": \"http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html\"}, {\"url\": \"http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2023-03-27T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-40684\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-12T21:20:08.364Z\", \"dateReserved\": \"2022-09-14T00:00:00.000Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2022-10-18T00:00:00.000Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2022-AVI-894

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.10
Fortinet	N/A	FortiTester versions 4.x antérieures à 4.2.1
Fortinet	N/A	FortiTester versions 7.x antérieures à 7.1.1
Fortinet	FortiProxy	FortiProxy versions antérieures à 2.0.10
Fortinet	FortiOS	FortiOS versions 6.0.x antérieures à 6.0.15 (ces versions sont affectées par la vulnérabilité CVE-2022-29055, il est préférable de migrer vers la version 6.2.11)
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.x antérieures à 7.2.1
Fortinet	FortiManager	FortiManager versions antérieures à 7.0.4
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.11
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.0.4
Fortinet	N/A	FortiTester versions antérieures à 3.9.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-086 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-377 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-242 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-237 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-026 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-244 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-247 du 10 octobre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 4.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 2.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.15 (ces versions sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2022-29055, il est pr\u00e9f\u00e9rable de migrer vers la version 6.2.11)",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 3.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-33873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33873"
    },
    {
      "name": "CVE-2022-29055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29055"
    },
    {
      "name": "CVE-2022-40684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40684"
    },
    {
      "name": "CVE-2021-44171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44171"
    },
    {
      "name": "CVE-2022-26121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26121"
    },
    {
      "name": "CVE-2022-35846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35846"
    },
    {
      "name": "CVE-2022-35844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35844"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-894",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-086 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-086"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-377 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-377"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-242 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-242"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-237 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-237"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-026 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-026"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-244 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-244"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-247 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-247"
    }
  ]
}

CERTFR-2022-AVI-894

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.10
Fortinet	N/A	FortiTester versions 4.x antérieures à 4.2.1
Fortinet	N/A	FortiTester versions 7.x antérieures à 7.1.1
Fortinet	FortiProxy	FortiProxy versions antérieures à 2.0.10
Fortinet	FortiOS	FortiOS versions 6.0.x antérieures à 6.0.15 (ces versions sont affectées par la vulnérabilité CVE-2022-29055, il est préférable de migrer vers la version 6.2.11)
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.x antérieures à 7.2.1
Fortinet	FortiManager	FortiManager versions antérieures à 7.0.4
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.11
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.0.4
Fortinet	N/A	FortiTester versions antérieures à 3.9.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-086 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-377 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-242 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-237 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-026 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-244 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-247 du 10 octobre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 4.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 2.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.15 (ces versions sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2022-29055, il est pr\u00e9f\u00e9rable de migrer vers la version 6.2.11)",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 3.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-33873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33873"
    },
    {
      "name": "CVE-2022-29055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29055"
    },
    {
      "name": "CVE-2022-40684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40684"
    },
    {
      "name": "CVE-2021-44171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44171"
    },
    {
      "name": "CVE-2022-26121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26121"
    },
    {
      "name": "CVE-2022-35846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35846"
    },
    {
      "name": "CVE-2022-35844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35844"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-894",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-086 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-086"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-377 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-377"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-242 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-242"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-237 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-237"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-026 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-026"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-244 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-244"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-247 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-247"
    }
  ]
}

GHSA-M3WM-RJVF-M778

Vulnerability from github – Published: 2022-10-18 19:00 – Updated: 2025-10-22 00:32

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-40684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-18T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",
  "id": "GHSA-m3wm-rjvf-m778",
  "modified": "2025-10-22T00:32:37Z",
  "published": "2022-10-18T19:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40684"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-22-377"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-40684

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-40684

Aliases

CVE-2022-40684

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-40684",
    "id": "GSD-2022-40684"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-40684"
      ],
      "details": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",
      "id": "GSD-2022-40684",
      "modified": "2023-12-13T01:19:30.975063Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2022-40684",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiOS, FortiProxy, FortiSwitchManager",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiSwitchManager 7.2.0, 7.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "Low",
          "attackVector": "Network",
          "availabilityImpact": "High",
          "baseScore": 9.6,
          "baseSeverity": "Critical",
          "confidentialityImpact": "High",
          "integrityImpact": "High",
          "privilegesRequired": "None",
          "scope": "Unchanged",
          "userInteraction": "None",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-377",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/psirt/FG-IR-22-377"
          },
          {
            "name": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.7",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.7",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.2",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-40684"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-377",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-22-377"
            },
            {
              "name": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-27T18:15Z",
      "publishedDate": "2022-10-18T14:15Z"
    }
  }
}

CERTFR-2022-ALE-011

Vulnerability from certfr_alerte - Published: - Updated:

Le 07 octobre 2022, des informations ont circulé concernant l’existence d’une vulnérabilité critique dans les produits Fortinet. Le 11 octobre 2022, l’éditeur a publié un avis de sécurité détaillant l’existence d’une vulnérabilité permettant à un attaquant non authentifié de pouvoir réaliser des actions au travers de l’interface d’administration.

L’éditeur indique que cette vulnérabilité a fait l’objet d’une attaque ciblée.

Le 13 octobre 2022, des chercheurs ont publié un rapport détaillé ainsi qu'une preuve de concept. Depuis cette publication, le CERT-FR constate que des variations de ce code d'exploitation sont publiquement disponibles.

Le CERT-FR anticipe des exploitations en masse de la vulnérabilité CVE-2022-40684, d'autant plus que de nombreuses interfaces d’administration de produits Fortinet sont exposées sur Internet.

L'exposition d'une interface de gestion sur Internet est contraire aux bonnes pratiques. Dans le cas où l’administration à distance est impératif, une première mesure temporaire peut consister à restreindre l'accès à des adresses ip de confiance. Il cependant conseillé de suivre les recommandations du guide publié par l'ANSSI pour la sécurisation de l'administration du SI [1].

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'application seule des correctifs n'est pas suffisante. En effet, si un attaquant a exploité la vulnérabilité avant leur application, il a pu déposer une porte dérobée qui lui permettra de se connecter ultérieurement au système. A titre d'exemple, les codes d’exploitation observés jusqu'ici déposent une clé publique SSH.

D'autres méthodes d'attaques, permettant, entre autres, des fuites de données ou une exécution de code arbitraire, ne sont pas à exclure.

Les tentatives d'exploitation liées à ces codes publics peuvent être détectées en vérifiant, dans les journaux de l'équipement, la présence d'un "User-Agent" égal à "Report Runner" ou "Node.js", ainsi que la présence du motif "127.0.0.1" dans le champ "Forwarded".

Ces marqueurs préliminaires sont fournis à titre indicatif et ne sont pas exhaustifs.

Contournement provisoire

Dans son avis de sécurité (cf. section Documentation), Fortinet détaille la procédure pour désactiver l'interface d’administration ou restreindre son accès à des adresses ip de confiance.

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.1
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-377 du 10 octobre 2022	None	vendor-advisory
Bulletin d'actualité CERT-FR CERTFR-2022-ACT-044 du 11 octobre 2022	-	other
[1] Recommandations relatives à l’administration sécurisée des systèmes d’information	-	other
Le guide d'hygiène informatique	-	other
Avis CERT-FR CERTFR-2022-AVI-894 du 11 octobre 2022	-	other
Les bons réflexes en cas d’intrusion sur un système d’information	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2023-07-26",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nL\u0027application seule des correctifs n\u0027est pas suffisante. En effet, si un\nattaquant a exploit\u00e9 la vuln\u00e9rabilit\u00e9 avant leur application, il a pu\nd\u00e9poser une porte d\u00e9rob\u00e9e qui lui permettra de se connecter\nult\u00e9rieurement au syst\u00e8me. A titre d\u0027exemple, les codes d\u2019exploitation\nobserv\u00e9s jusqu\u0027ici d\u00e9posent une cl\u00e9 publique SSH.\n\nD\u0027autres m\u00e9thodes d\u0027attaques, permettant, entre autres, des fuites de\ndonn\u00e9es ou une ex\u00e9cution de code arbitraire, ne sont pas \u00e0 exclure.\n\nLes tentatives d\u0027exploitation li\u00e9es \u00e0 ces codes publics peuvent \u00eatre\nd\u00e9tect\u00e9es en v\u00e9rifiant, dans les journaux de l\u0027\u00e9quipement, la pr\u00e9sence\nd\u0027un\u00a0*\"User-Agent\"* \u00e9gal \u00e0 *\"\u003cspan class=\"pl-s\"\u003eReport Runner\u003c/span\u003e\"*\nou *\"Node.js\"*, ainsi que la pr\u00e9sence du motif *\"127.0.0.1\"* dans le\nchamp *\"Forwarded\"*.\n\nCes marqueurs pr\u00e9liminaires sont fournis \u00e0 titre indicatif et ne sont\npas exhaustifs.\n\n## Contournement provisoire\n\nDans son avis de s\u00e9curit\u00e9 (cf. section Documentation), Fortinet d\u00e9taille\nla proc\u00e9dure pour d\u00e9sactiver l\u0027interface d\u2019administration ou restreindre\nson acc\u00e8s \u00e0 des adresses ip de confiance.\n",
  "cves": [
    {
      "name": "CVE-2022-40684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40684"
    }
  ],
  "links": [
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERT-FR\u00a0CERTFR-2022-ACT-044\u00a0du 11 octobre 2022",
      "url": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2022-ACT-044/"
    },
    {
      "title": "[1] Recommandations relatives \u00e0 l\u2019administration s\u00e9curis\u00e9e des syst\u00e8mes d\u2019information",
      "url": "https://www.ssi.gouv.fr/administration/guide/securiser-ladministration-des-systemes-dinformation/"
    },
    {
      "title": "Le guide d\u0027hygi\u00e8ne informatique",
      "url": "https://www.ssi.gouv.fr/uploads/2017/01/guide_hygiene_informatique_anssi.pdf"
    },
    {
      "title": "Avis CERT-FR\u00a0CERTFR-2022-AVI-894 du 11 octobre 2022",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-894/"
    },
    {
      "title": "Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    }
  ],
  "reference": "CERTFR-2022-ALE-011",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le 07 octobre 2022, des informations ont circul\u00e9 concernant l\u2019existence\nd\u2019une vuln\u00e9rabilit\u00e9 critique dans les produits Fortinet. Le 11 octobre\n2022, l\u2019\u00e9diteur a publi\u00e9 un avis de s\u00e9curit\u00e9 d\u00e9taillant l\u2019existence\nd\u2019une vuln\u00e9rabilit\u00e9 permettant \u00e0 un attaquant non authentifi\u00e9 de pouvoir\nr\u00e9aliser des actions au travers de l\u2019interface d\u2019administration.\n\nL\u2019\u00e9diteur indique que cette vuln\u00e9rabilit\u00e9 a fait l\u2019objet d\u2019une attaque\ncibl\u00e9e.\n\nLe 13 octobre 2022, des chercheurs ont publi\u00e9 un rapport d\u00e9taill\u00e9 ainsi\nqu\u0027une preuve de concept. Depuis cette publication, le CERT-FR constate\nque des variations de ce code d\u0027exploitation sont publiquement\ndisponibles.\n\nLe CERT-FR anticipe des exploitations en masse de la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2022-40684, d\u0027autant plus que de nombreuses interfaces\nd\u2019administration de produits Fortinet sont expos\u00e9es sur Internet.\n\nL\u0027exposition d\u0027une interface de gestion sur Internet est contraire aux\nbonnes pratiques. Dans le cas o\u00f9 l\u2019administration \u00e0 distance est\nimp\u00e9ratif, une premi\u00e8re mesure temporaire peut consister \u00e0 restreindre\nl\u0027acc\u00e8s \u00e0 des adresses ip de confiance. Il cependant conseill\u00e9 de suivre\nles recommandations du guide publi\u00e9 par l\u0027ANSSI pour la s\u00e9curisation de\nl\u0027administration du SI \\[1\\].\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-377 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-377"
    }
  ]
}

CERTFR-2022-ALE-011

Vulnerability from certfr_alerte - Published: - Updated:

L’éditeur indique que cette vulnérabilité a fait l’objet d’une attaque ciblée.

Le CERT-FR anticipe des exploitations en masse de la vulnérabilité CVE-2022-40684, d'autant plus que de nombreuses interfaces d’administration de produits Fortinet sont exposées sur Internet.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

D'autres méthodes d'attaques, permettant, entre autres, des fuites de données ou une exécution de code arbitraire, ne sont pas à exclure.

Ces marqueurs préliminaires sont fournis à titre indicatif et ne sont pas exhaustifs.

Contournement provisoire

Dans son avis de sécurité (cf. section Documentation), Fortinet détaille la procédure pour désactiver l'interface d’administration ou restreindre son accès à des adresses ip de confiance.

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.1
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-377 du 10 octobre 2022	None	vendor-advisory
Bulletin d'actualité CERT-FR CERTFR-2022-ACT-044 du 11 octobre 2022	-	other
[1] Recommandations relatives à l’administration sécurisée des systèmes d’information	-	other
Le guide d'hygiène informatique	-	other
Avis CERT-FR CERTFR-2022-AVI-894 du 11 octobre 2022	-	other
Les bons réflexes en cas d’intrusion sur un système d’information	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2023-07-26",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nL\u0027application seule des correctifs n\u0027est pas suffisante. En effet, si un\nattaquant a exploit\u00e9 la vuln\u00e9rabilit\u00e9 avant leur application, il a pu\nd\u00e9poser une porte d\u00e9rob\u00e9e qui lui permettra de se connecter\nult\u00e9rieurement au syst\u00e8me. A titre d\u0027exemple, les codes d\u2019exploitation\nobserv\u00e9s jusqu\u0027ici d\u00e9posent une cl\u00e9 publique SSH.\n\nD\u0027autres m\u00e9thodes d\u0027attaques, permettant, entre autres, des fuites de\ndonn\u00e9es ou une ex\u00e9cution de code arbitraire, ne sont pas \u00e0 exclure.\n\nLes tentatives d\u0027exploitation li\u00e9es \u00e0 ces codes publics peuvent \u00eatre\nd\u00e9tect\u00e9es en v\u00e9rifiant, dans les journaux de l\u0027\u00e9quipement, la pr\u00e9sence\nd\u0027un\u00a0*\"User-Agent\"* \u00e9gal \u00e0 *\"\u003cspan class=\"pl-s\"\u003eReport Runner\u003c/span\u003e\"*\nou *\"Node.js\"*, ainsi que la pr\u00e9sence du motif *\"127.0.0.1\"* dans le\nchamp *\"Forwarded\"*.\n\nCes marqueurs pr\u00e9liminaires sont fournis \u00e0 titre indicatif et ne sont\npas exhaustifs.\n\n## Contournement provisoire\n\nDans son avis de s\u00e9curit\u00e9 (cf. section Documentation), Fortinet d\u00e9taille\nla proc\u00e9dure pour d\u00e9sactiver l\u0027interface d\u2019administration ou restreindre\nson acc\u00e8s \u00e0 des adresses ip de confiance.\n",
  "cves": [
    {
      "name": "CVE-2022-40684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40684"
    }
  ],
  "links": [
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERT-FR\u00a0CERTFR-2022-ACT-044\u00a0du 11 octobre 2022",
      "url": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2022-ACT-044/"
    },
    {
      "title": "[1] Recommandations relatives \u00e0 l\u2019administration s\u00e9curis\u00e9e des syst\u00e8mes d\u2019information",
      "url": "https://www.ssi.gouv.fr/administration/guide/securiser-ladministration-des-systemes-dinformation/"
    },
    {
      "title": "Le guide d\u0027hygi\u00e8ne informatique",
      "url": "https://www.ssi.gouv.fr/uploads/2017/01/guide_hygiene_informatique_anssi.pdf"
    },
    {
      "title": "Avis CERT-FR\u00a0CERTFR-2022-AVI-894 du 11 octobre 2022",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-894/"
    },
    {
      "title": "Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    }
  ],
  "reference": "CERTFR-2022-ALE-011",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le 07 octobre 2022, des informations ont circul\u00e9 concernant l\u2019existence\nd\u2019une vuln\u00e9rabilit\u00e9 critique dans les produits Fortinet. Le 11 octobre\n2022, l\u2019\u00e9diteur a publi\u00e9 un avis de s\u00e9curit\u00e9 d\u00e9taillant l\u2019existence\nd\u2019une vuln\u00e9rabilit\u00e9 permettant \u00e0 un attaquant non authentifi\u00e9 de pouvoir\nr\u00e9aliser des actions au travers de l\u2019interface d\u2019administration.\n\nL\u2019\u00e9diteur indique que cette vuln\u00e9rabilit\u00e9 a fait l\u2019objet d\u2019une attaque\ncibl\u00e9e.\n\nLe 13 octobre 2022, des chercheurs ont publi\u00e9 un rapport d\u00e9taill\u00e9 ainsi\nqu\u0027une preuve de concept. Depuis cette publication, le CERT-FR constate\nque des variations de ce code d\u0027exploitation sont publiquement\ndisponibles.\n\nLe CERT-FR anticipe des exploitations en masse de la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2022-40684, d\u0027autant plus que de nombreuses interfaces\nd\u2019administration de produits Fortinet sont expos\u00e9es sur Internet.\n\nL\u0027exposition d\u0027une interface de gestion sur Internet est contraire aux\nbonnes pratiques. Dans le cas o\u00f9 l\u2019administration \u00e0 distance est\nimp\u00e9ratif, une premi\u00e8re mesure temporaire peut consister \u00e0 restreindre\nl\u0027acc\u00e8s \u00e0 des adresses ip de confiance. Il cependant conseill\u00e9 de suivre\nles recommandations du guide publi\u00e9 par l\u0027ANSSI pour la s\u00e9curisation de\nl\u0027administration du SI \\[1\\].\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-377 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-377"
    }
  ]
}

VAR-202210-0198

Vulnerability from variot - Updated: 2023-12-18 12:54

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. fortinet's FortiProxy , FortiSwitch Manager , FortiOS There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiOS has security flaws. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0198",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.2"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.7"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortiswitchmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortiproxy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.7"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortiproxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortiproxy",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortiswitchmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.2.0  that\u0027s all  7.2.2"
      },
      {
        "model": "fortiswitch manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiproxy",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.0  that\u0027s all  7.0.7"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40684"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.7",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.7",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.2",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-40684"
      }
    ]
  },
  "cve": "CVE-2022-40684",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-40684",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-40684",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-40684",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202210-347",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40684"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-347"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. fortinet\u0027s FortiProxy , FortiSwitch Manager , FortiOS There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiOS has security flaws. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-40684"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      },
      {
        "db": "VULHUB",
        "id": "VHN-429172"
      }
    ],
    "trust": 1.71
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-429172",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429172"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-40684",
        "trust": 3.3
      },
      {
        "db": "PACKETSTORM",
        "id": "169431",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "171515",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-347",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "51092",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-429172",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-347"
      }
    ]
  },
  "id": "VAR-202210-0198",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429172"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:54:47.188000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-22-377",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-22-377"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-306",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40684"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://packetstormsecurity.com/files/169431/fortinet-fortios-fortiproxy-fortiswitchmanager-authentication-bypass.html"
      },
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/171515/fortinet-7.2.1-authentication-bypass.html"
      },
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/psirt/fg-ir-22-377"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40684"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortios-privilege-escalation-39490"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-40684/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortinet-fortios-privilege-escalation-via-http-https-administrative-interface-39490"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/51092"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-347"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-429172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-347"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-429172"
      },
      {
        "date": "2023-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      },
      {
        "date": "2022-10-18T14:15:09.747000",
        "db": "NVD",
        "id": "CVE-2022-40684"
      },
      {
        "date": "2022-10-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-347"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-429172"
      },
      {
        "date": "2023-10-25T02:51:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      },
      {
        "date": "2023-08-08T14:22:24.967000",
        "db": "NVD",
        "id": "CVE-2022-40684"
      },
      {
        "date": "2023-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-347"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-347"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Authentication vulnerabilities in multiple Fortinet products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-019256"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-347"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2022-40684

Vulnerability from fkie_nvd - Published: 2022-10-18 14:15 - Updated: 2026-01-14 19:19

CISA KEV

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@fortinet.com	http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html	Exploit, Third Party Advisory, VDB Entry
psirt@fortinet.com	http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html	Exploit, Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-22-377	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-22-377	Mitigation, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684	US Government Resource

Impacted products

Vendor	Product	Version
fortinet	fortiproxy	*
fortinet	fortiproxy	7.2.0
fortinet	fortiswitchmanager	7.0.0
fortinet	fortiswitchmanager	7.2.0
fortinet	fortios	*
fortinet	fortios	*

JSON

To clipboard

{
  "cisaActionDue": "2022-11-01",
  "cisaExploitAdd": "2022-10-11",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Fortinet Multiple Products Authentication Bypass Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B778AD94-D279-42B4-A062-8231F14936B3",
              "versionEndExcluding": "7.0.7",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F302F8-482A-4DA9-BDD9-63886B202B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4A6B0D-1614-443B-8EBA-A8FBC2E1A832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B73D78B-2270-45B7-854E-F985B8D88F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A86B1AB3-F33E-461C-A19C-C3A51B47AC5F",
              "versionEndExcluding": "7.0.7",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2DDB271-0A73-4C94-B3CE-B766E99898C0",
              "versionEndExcluding": "7.2.2",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests."
    },
    {
      "lang": "es",
      "value": "Una omisi\u00f3n de autenticaci\u00f3n usando una ruta o canal alternativo [CWE-288] en Fortinet FortiOS versi\u00f3n versiones 7.2.0 hasta 7.2.1 y 7.0.0 hasta 7.0.6, FortiProxy versi\u00f3n 7.2.0 y versiones 7.0.0 hasta 7.0.6 y FortiSwitchManager versi\u00f3n 7.2.0 y 7.0.0, permite a un atacante no autenticado llevar a cabo operaciones en la interfaz administrativa por medio de peticiones HTTP o HTTPS especialmente dise\u00f1adas"
    }
  ],
  "id": "CVE-2022-40684",
  "lastModified": "2026-01-14T19:19:58.407",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-18T14:15:09.747",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-377"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40684"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-40684 (GCVE-0-2022-40684)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solution

Solution

Solution

Contournement provisoire

Solution

Contournement provisoire

Tags

Sightings

Nomenclature