VDB
CVE-2022-40684
CVE-2022-40684
PUBLISHED
KEV
CVSS 9.600000381469727 CRITICAL
10. Oktober 2022 Update #1: 10. Oktober 2022, 18:10 (zusätzlich zu Firewalls sind weitere Produkte betroffen) Kritische Schwachstellen in Fortinet Firewalls Produkten erlauben es Angreifenden, die Authentisierung zu umgehen und Aktionen mit Admin-Rechten auszuführen. CVE-Nummer(n): CVE-2022-40684 CVSS Base Score: 9.6
EPSS 94.43% · 100.0th percentile
Risk Scores
CVSS 3.1
9.600000381469727
EPSS Score
94.43%
100.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiProxy 7.0.0 bis 7.0.6, und 7.2.0 | |
| Fortinet | FortiOS 7.0.0 bis 7.0.6, 7.2.0 bis 7.2.1 | |
| FortiSwitchManager | FortiSwitchManager 7.0.0 und 7.2.0 |
Exploit Intelligence
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
…and 1993 more exploits
Timeline
- Nov 23, 2017 PoC Published
- Mar 12, 2018 PoC Published
- Feb 5, 2019 PoC Published
- Sep 17, 2020 PoC Published
- Oct 3, 2020 PoC Published
- Mar 4, 2021 PoC Published
- Apr 26, 2021 PoC Published
- Jun 28, 2021 PoC Published
- Jul 2, 2021 PoC Published
- Sep 23, 2021 PoC Published
- Oct 6, 2021 PoC Published
- Dec 11, 2021 PoC Published
References
- https://www.cert.at/de/warnungen/2022/10/kritische-sicherheitslucken-in-fortinet-firewalls-updates-verfugbar advisory
- https://heise.de/-7288810 technical
- https://www.bleepingcomputer.com/news/security/fortinet-warns-admins-to-patch-critical-auth-bypass-bug-immediately/ technical
- https://fortiguard.fortinet.com/psirt/FG-IR-22-377 technical