CVE-2022-40684


CVSS 9.8 CRITICAL · EPSS 100.0% · ● KEV · CWE-287
In short

FortiOS, FortiProxy, and FortiSwitchManager contain a flaw that allows attackers to bypass login requirements and access the admin panel without credentials by sending specially crafted requests. This is critical because admin access can lead to full system compromise.

Technical detail

An authentication bypass vulnerability in Fortinet products (FortiOS 7.0.0–7.0.6, 7.2.0–7.2.1; FortiProxy 7.0.0–7.0.6, 7.2.0; FortiSwitchManager 7.0.0, 7.2.0) allows unauthenticated remote attackers to access the administrative interface via malformed HTTP/HTTPS requests, exploiting CWE-287 (improper authentication). No credentials or pre-authentication are required; successful exploitation grants full administrative privileges.
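The affected ranges above are narrow (7.0.7, 7.2.2 and FortiProxy 7.2.1 are outside them), so a version-based exposure check has to compare release tuples rather than prefixes. The following inventory triage is an added example, not code from the advisory or from Fortinet; the hostnames and versions in the sample inventory are constructed.

```python
"""Flag Fortinet devices whose version falls inside the CVE-2022-40684 ranges.
Added example; the ranges are transcribed from the advisory text above."""

# Inclusive (low, high) version ranges per product, as stated in the advisory.
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "FortiProxy": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
    "FortiSwitchManager": [((7, 0, 0), (7, 0, 0)), ((7, 2, 0), (7, 2, 0))],
}

def parse_version(text):
    """Turn 'v7.0.6' / '7.2.1' / '7.0' into a comparable integer tuple.
    Raises ValueError on malformed input instead of silently guessing."""
    parts = text.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad '7.0' -> (7, 0, 0)

def is_affected(product, version):
    """True if product@version lies in an affected range.
    Products not listed in the advisory are reported as not affected."""
    ver = parse_version(version)
    return any(lo <= ver <= hi for lo, hi in AFFECTED.get(product, []))

def triage(inventory):
    """inventory: iterable of (hostname, product, version).
    Returns the affected rows, plus rows whose version could not be parsed
    (those need a manual look rather than a silent pass), sorted by host."""
    hits = []
    for host, product, version in inventory:
        try:
            if is_affected(product, version):
                hits.append((host, product, version))
        except ValueError:
            hits.append((host, product, f"{version} (unparseable, review manually)"))
    return sorted(hits)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.6"),         # inside 7.0.0-7.0.6
    ("fw-edge-02", "FortiOS", "7.0.7"),         # first release past the range
    ("fw-dc-01", "FortiOS", "7.2.2"),           # past 7.2.1
    ("fw-dc-02", "FortiOS", "6.4.9"),           # branch not listed as affected
    ("proxy-01", "FortiProxy", "7.2.1"),        # FortiProxy range stops at 7.2.0
    ("fsm-01", "FortiSwitchManager", "7.2.0"),  # affected
    ("fw-lab", "FortiOS", "7.2.x"),             # unparseable, surfaced for review
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row)
```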

Summary generated and translated by AI from the official description, which reads:
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
Public PoCs found: 33
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
