FortiOS, FortiProxy and FortiSwitchManager - Authentication Bypass (CVE-2022-40684)

Severity
CVSSv3 Score: 9.6
CVE: CVE-2022-40684

Vulnerability description

FortiOS, FortiProxy, and FortiSwitchManager are affected by an Authentication Bypass vulnerability that can lead to adding an SSH key of an existing user and gaining access to the server for an unauthorized user. The root cause of this vulnerability consists in exposing a web interface that could allow an unauthenticated user to change server configurations.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can extract custom artefacts as evidence from the target system.

Recommendation

Upgrade the FortiOS, FortiProxy or FortiSwitchManager to the latest version.

References

https://www.fortiguard.com/psirt/FG-IR-22-377

https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/

Codename

Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Oct 2022
Published at: Oct 2022
Updated at: Oct 2022
Software Type: Firewall
Vendor: Fortinet
Product: FortiOS, FortiProxy and FortiSwitchManager