CVE-2022-40684
Scores
EPSS Score
0.9443
CVSS
3.x 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Exploits
Exploit ID: CVE-2022-40684
Source: cisa
URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Vulnerable Software
Type: Configuration
Vendor: fortinet
Product: fortios
Operating System: * * *
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.0.7",
      "versionStartIncluding": "7.0.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.0.7",
      "versionStartIncluding": "7.0.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.2.2",
      "versionStartIncluding": "7.2.0",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}
Source: nvd
Type: Configuration
Vendor: fortinet
Product: fortiproxy
Operating System: * * *
Source: nvd
Type: Configuration
Vendor: fortinet
Product: fortiswitchmanager
Operating System: * * *
Source: nvd