CVE-2022-40684

CVE Database · CVE-2022-40684

CVE-2022-40684

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.98%

Published

Oct 18, 2022

Modified

Jan 14, 2026

CISA Known Exploited Vulnerability

Added: 2022-10-11 · Due: 2022-11-01

Apply updates per vendor instructions.

Public PoC / Exploit (12)

All weaponized →

Exploit-DBFortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass Exploit-DBFortinet FortiOS_ FortiProxy_ and FortiSwitchManager 7.2.0 - Authentication bypass NucleiNuclei detection template TrickestTrickest PoC index GitHub PoChorizon3ai/CVE-2022-40684★356 GitHub PoCcarlosevieira/CVE-2022-40684★87 GitHub PoCarsolutioner/fortigate-belsen-leak★85 GitHub PoCFiliplain/Fortinet-PoC-Auth-Bypass★16 GitHub PoCkljunowsky/CVE-2022-40684-POC★16 GitHub PoCTaroballzChen/CVE-2022-40684-metasploit-scanner★14 GitHub PoChughink/CVE-2022-40684★11 GitHub PoCqingsiweisan/CVE-2022-40684★9

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-287CWE-287

Affected Products (6)

fortinet · fortiproxy (up to 7.0.7)vulnerable

fortinet · fortiproxyvulnerable

fortinet · fortiswitchmanagervulnerable

fortinet · fortios (up to 7.0.7)vulnerable

fortinet · fortios (up to 7.2.2)vulnerable

References (7)

http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html