CVE Tools

Description

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

In plain language

AI Act now

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain a critical flaw that lets an internet attacker get in without logging in and take over administrative functions—if you run these products, you should act now by upgrading to the fixed versions.

Executive summary

Unauthenticated attackers can bypass authentication and perform administrative operations on Fortinet FortiOS, FortiProxy, and FortiSwitchManager by sending specially crafted HTTP/HTTPS requests to an administrative interface path/channel.

If affected, business impact
Full administrative takeoverService disruptionRansomware-enabling accessData theft risk

What to do now

  1. Check whether you run Fortinet FortiOS, FortiProxy, and/or FortiSwitchManager, and note your exact version numbers.
  2. If you are on FortiOS or FortiProxy versions in the affected ranges (7.2.0–7.2.1 or 7.0.0–7.0.6), plan to upgrade immediately.
  3. Upgrade FortiOS and FortiProxy to the fixed version 7.0.7.
  4. If you cannot upgrade right away, follow Fortinet’s vendor workaround guidance from the FortiGuard PSIRT page listed by the vendor, and restrict/limit access to the administrative interface as tightly as possible.
  5. After updating, verify the device is running the new version and review management/API logs for suspicious unauthenticated requests.
Usually a quick update

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

Affected Products

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Oct 11, 2022
Remediation due:Nov 1, 2022
Ransomware:Known ransomware use

Required action: Apply updates per vendor instructions.

2 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available
Workaround Available

Attack Graph

Products CVE Techniques Tactics

Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/ + scroll to zoom, or go fullscreen.

MITRE ATT&CK

2 techniques
Initial Access
View detailed technique mapping

References

and 6 more references View all →
2

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2022-40684 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows