(CVE-2022-40684) FortiOS and FortiProxy Authentication Bypass

Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager projects (CVE-2022-40684) with a CVSS score of 9.6. This vulnerability gives an attacker the ability to log in as an administrator on the affected system. To demonstrate the vulnerability in this writeup, we will be using FortiOS version 7.2.1

FortiOS exposes a management web portal that allows a user to configure the system. Additionally, a user can SSH into the system which exposes a locked-down CLI interface. Our first step after familiarizing ourselves with the system was to differentiate the vulnerable firmware from the patched firmware.

The nuclei template for scanning can be found here: (CVE-2022-40684 Nuclei template)

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Layer 2 network security bypass

(CVE-2022-33980) Apache Commons Config Command Execution Bug