An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html | |
https://fortiguard.com/psirt/FG-IR-22-377 | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
27 Mar 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2022, 19:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Fortinet fortiswitchmanager
Fortinet fortiproxy Fortinet Fortinet fortios |
|
CPE | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
|
References | (MISC) http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html - Exploit, Third Party Advisory | |
References | (CONFIRM) https://fortiguard.com/psirt/FG-IR-22-377 - Mitigation, Vendor Advisory |
19 Oct 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Oct 2022, 16:00
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-18 14:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-40684
Mitre link : CVE-2022-40684
CVE.ORG link : CVE-2022-40684
JSON object : View
Products Affected
fortinet
- fortios
- fortiproxy
- fortiswitchmanager
CWE
CWE-287
Improper Authentication