Fortinet recently patched a critical authentication bypass vulnerability (CVE-2022-40684, CVSS score 9.6) in its FortiOS, FortiProxy, and FortiSwitchManager products. This vulnerability gives an attacker the ability to log in as an administrator on the affected system. To demonstrate the vulnerability in this writeup, we will be using FortiOS version 7.2.1.
FortiOS exposes a management web portal that allows a user to configure the system. Additionally, a user can SSH into the system, which exposes a locked-down CLI. Our first step after familiarizing ourselves with the system was to differentiate the vulnerable firmware from the patched firmware.
The Nuclei template for scanning can be found here: (CVE-2022-40684 Nuclei template)