CVE-2022-40684 - Fortinet Multiple Products Authentication Bypass Vulnerability

: Fortinet | Multiple Products

Date Added:
2022-10-11

Due Date:
2022-11-01

Vulnerability Name: Fortinet Multiple Products Authentication Bypass Vulnerability

Description: Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Known To Be Used in Ransomware Campaigns?: Known

Action: Apply updates per vendor instructions.

Additional Notes: https://www.fortiguard.com/psirt/FG-IR-22-377; https://nvd.nist.gov/vuln/detail/CVE-2022-40684

Related News Articles

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]January 27, 2025

15K Fortinet Device Configs Leaked to the Dark WebJanuary 18, 2025

Hackers leak configs and VPN credentials for 15,000 FortiGate devicesJanuary 16, 2025

Free online web security scanner

Don't show website scan report rating on the leaderboard