DEV Community

Cover image for CVE-2022-40684: Fortinet Multiple Products Authentication Bypass Vulnerability
Freedom Coder
Freedom Coder

Posted on • Originally published at scyscan.com

CVE-2022-40684: Fortinet Multiple Products Authentication Bypass Vulnerability

#fortinet #multipleproducts #cybersecurity #vulnerability

CVE ID

CVE-2022-40684

Vulnerability Name

Fortinet Multiple Products Authentication Bypass Vulnerability

  • Project: Fortinet
  • Product: Multiple Products

Date

  • Date Added: 2022-10-11
  • Due Date: 2022-11-01

Description

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-22-377; https://nvd.nist.gov/vuln/detail/CVE-2022-40684

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)