CVE-2022-40684
Fortinet Multiple Products Authentication Bypass Vulnerability
CVSS
—
Sin CVSS
EPSS
100.0%
p100
KEV
SÍ
11 oct 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Fortinet / Multiple Products
Vulnerabilidad
Fortinet Multiple Products Authentication Bypass Vulnerability
Añadido a KEV
11 oct 2022
Remediar antes de
1 nov 2022
Uso conocido en ransomware
Sí
Descripción resumida
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Acción requerida
Apply updates per vendor instructions.
Notas
https://www.fortiguard.com/psirt/FG-IR-22-377; https://nvd.nist.gov/vuln/detail/CVE-2022-40684