CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.944

EPSS Ranking 100.0%

CVSS Severity

CVSS v3 Score 9.8

Proposed Action

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Ransomware Campaign

Known

References

Products affected by CVE-2022-40684

Fortinet » Fortiproxy » Version: 7.0.0

cpe:2.3:a:fortinet:fortiproxy:7.0.0
Fortinet » Fortiproxy » Version: 7.0.1

cpe:2.3:a:fortinet:fortiproxy:7.0.1
Fortinet » Fortiproxy » Version: 7.0.2

cpe:2.3:a:fortinet:fortiproxy:7.0.2
Fortinet » Fortiproxy » Version: 7.0.3

cpe:2.3:a:fortinet:fortiproxy:7.0.3
Fortinet » Fortiproxy » Version: 7.0.4

cpe:2.3:a:fortinet:fortiproxy:7.0.4
Fortinet » Fortiproxy » Version: 7.0.5

cpe:2.3:a:fortinet:fortiproxy:7.0.5
Fortinet » Fortiproxy » Version: 7.0.6

cpe:2.3:a:fortinet:fortiproxy:7.0.6
Fortinet » Fortiproxy » Version: 7.2.0

cpe:2.3:a:fortinet:fortiproxy:7.2.0
Fortinet » Fortiswitchmanager » Version: 7.0.0

cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0
Fortinet » Fortiswitchmanager » Version: 7.2.0

cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0
Fortinet » Fortios » Version: 7.0.0

cpe:2.3:o:fortinet:fortios:7.0.0
Fortinet » Fortios » Version: 7.0.1

cpe:2.3:o:fortinet:fortios:7.0.1
Fortinet » Fortios » Version: 7.0.2

cpe:2.3:o:fortinet:fortios:7.0.2
Fortinet » Fortios » Version: 7.0.3

cpe:2.3:o:fortinet:fortios:7.0.3
Fortinet » Fortios » Version: 7.0.4

cpe:2.3:o:fortinet:fortios:7.0.4
Fortinet » Fortios » Version: 7.0.5

cpe:2.3:o:fortinet:fortios:7.0.5
Fortinet » Fortios » Version: 7.0.6

cpe:2.3:o:fortinet:fortios:7.0.6
Fortinet » Fortios » Version: 7.2.0

cpe:2.3:o:fortinet:fortios:7.2.0
Fortinet » Fortios » Version: 7.2.1

cpe:2.3:o:fortinet:fortios:7.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-40684

Products

Pricing

Contact Us