CVE-2022-40684

Description

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Fortinet, Inc.
Severity: CRITICAL
CVE ID: CVE-2022-40684
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2022-40684
horizon3ai

A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

Reference: GitHub

carlosevieira

PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only)

Reference: GitHub

Filiplain

Bash PoC for Fortinet Auth Bypass - CVE-2022-40684

Reference: GitHub

kljunowsky

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

Reference: GitHub

secunnix

Reference: GitHub

iveresk

Reference: GitHub

mhd108

Reference: GitHub

ClickCyber

exploit for CVE-2022-40684 Fortinet

Reference: GitHub

Chocapikk

Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ]

Reference: GitHub

mohamedbenchikh

Exploit for CVE-2022-40684 vulnerability

Reference: GitHub

HAWA771

Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ]

Reference: GitHub

NeriaBasha

Reference: GitHub

Grapphy

Forti CVE-2022-40684 enumeration script built in Rust

Reference: GitHub

puckiestyle

Reference: GitHub

jsongmax

Reference: GitHub

und3sc0n0c1d0

Utilities for exploiting vulnerability CVE-2022-40684 (FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface).

Reference: GitHub

qingsiweisan

Reference: GitHub

TaroballzChen

An authentication bypass using an alternate path or channel in Fortinet product

Reference: GitHub

gustavorobertux

Exploit Fortigate - CVE-2022-40684

Reference: GitHub

hughink

Reference: GitHub

notareaperbutDR34P3r

Reference: GitHub

z-bool

One-click enumeration of all usernames and writing of an SSH public key

Reference: GitHub

Anthony1500

Reference: GitHub

Content on GitHub

Bendalledj | watchers:1

CVE-2022-40684
CVE 2022 40684

Reference: GitHub

hackingyseguridad | watchers:25

nmap
Script to detect vulnerabilities with nmap

Reference: GitHub