Vulnerability Details : CVE-2022-40684
Public exploit exists!
Used for ransomware!
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVE-2022-40684 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
- CISA vulnerability name: Fortinet Multiple Products Authentication Bypass Vulnerability
- CISA required action: Apply updates per vendor instructions.
- CISA description: Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
- Notes: https://www.fortiguard.com/psirt/FG-IR-22-377; https://nvd.nist.gov/vuln/detail/CVE-2022-40684
- Added on: 2022-10-11
- Action due date: 2022-11-01
Exploit prediction scoring system (EPSS) score for CVE-2022-40684
- 97.36%: Probability of exploitation activity in the next 30 days
- ~ 100 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-40684
- Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.
  Disclosure Date: 2022-10-10
  First seen: 2022-12-23
  exploit/linux/http/fortinet_authentication_bypass_cve_2022_40684
  This module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account. And then add a SSH key to the authorized_keys file of the chosen account, allowing to log
CVSS scores for CVE-2022-40684
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | Fortinet, Inc. | |
CWE ids for CVE-2022-40684
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-40684
- http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html
  Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass ≈ Packet Storm
  Exploit; Third Party Advisory
- https://fortiguard.com/psirt/FG-IR-22-377
  PSIRT Advisories | FortiGuard
  Mitigation; Vendor Advisory
- http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html
  Fortinet 7.2.1 Authentication Bypass ≈ Packet Storm
Products affected by CVE-2022-40684
- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*