CVE-2022-40684
Description
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Severity: CRITICAL
CVE ID: CVE-2022-40684
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-40684
Reference: Project Discovery GitHub
horizon3ai
A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager
Reference: GitHub
carlosevieira
PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only)
Reference: GitHub
Filiplain
Bash PoC for Fortinet Auth Bypass - CVE-2022-40684
Reference: GitHub
kljunowsky
Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager
Reference: GitHub
secunnix
Reference: GitHub
iveresk
Reference: GitHub
mhd108
Reference: GitHub
ClickCyber
exploit for CVE-2022-40684 Fortinet
Reference: GitHub
Chocapikk
Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ]
Reference: GitHub
mohamedbenchikh
Exploit for CVE-2022-40684 vulnerability
Reference: GitHub
HAWA771
Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ]
Reference: GitHub
NeriaBasha
Reference: GitHub
Grapphy
Forti CVE-2022-40684 enumeration script built in Rust
Reference: GitHub
puckiestyle
Reference: GitHub
jsongmax
Reference: GitHub
und3sc0n0c1d0
Utilities for exploiting vulnerability CVE-2022-40684 (FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface).
Reference: GitHub
qingsiweisan
Reference: GitHub
TaroballzChen
An authentication bypass using an alternate path or channel in Fortinet product
Reference: GitHub
gustavorobertux
Exploit Fortigate - CVE-2022-40684
Reference: GitHub
hughink
Reference: GitHub
notareaperbutDR34P3r
Reference: GitHub
z-bool
One-click enumeration of all usernames and writing of an SSH public key
Reference: GitHub
Anthony1500
Reference: GitHub
Content on GitHub
Bendalledj | watchers:1
CVE-2022-40684
CVE 2022 40684
Reference: GitHub
hackingyseguridad | watchers:25
nmap
Script to detect vulnerabilities with nmap
Reference: GitHub