CVE-2022-40684
Fortinet Multiple Products Authentication Bypass Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Oct 11, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Fortinet / Multiple Products
Vulnerability
Fortinet Multiple Products Authentication Bypass Vulnerability
Added to KEV
Oct 11, 2022
Remediate by
Nov 1, 2022
Known ransomware use
Yes
Summary description
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Required action
Apply updates per vendor instructions.
Notes
https://www.fortiguard.com/psirt/FG-IR-22-377; https://nvd.nist.gov/vuln/detail/CVE-2022-40684