FortiOS, FortiProxy and FortiSwitchManager - Authentication Bypass (CVE-2022-40684)

Severity

CVE

CVE-2022-40684

CVSSv3 Score

9.6

Exploitable with Sniper

Yes

Vulnerability description

FortiOS, FortiProxy, and FortiSwitchManager are affected by an Authentication Bypass vulnerability that can lead to adding an SSH key of an existing user and gaining access to the server for an unauthorized user. The root cause of this vulnerability consists in exposing a web interface that could allow an unauthenticated user to change server configurations.

Exploit capabilities

Sniper can extract custom artefacts as evidence from the target system.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade the FortiOS, FortiProxy or FortiSwitchManager to the latest version.

References

https://www.fortiguard.com/psirt/FG-IR-22-377

https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/

Detectable with

Network Scanner

Vuln date

Oct 2022

Published

Oct 2022

Updated

Oct 2022

Software Type

Firewall

Vendor

Fortinet

Product

FortiOS, FortiProxy and FortiSwitchManager

Codename