CVE-2022-40684 - Fortinet Multiple Products Authentication Bypass Vulnerability

Vulnerability Name

Fortinet Multiple Products Authentication Bypass Vulnerability

Description

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-22-377

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

Related News Articles

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]January 27, 2025

15K Fortinet Device Configs Leaked to the Dark WebJanuary 18, 2025

Hackers leak configs and VPN credentials for 15,000 FortiGate devicesJanuary 16, 2025