CVE-2022-40684

CVSS 9.8 CRITICAL · EPSS 100.0% · KEV · CWE-287
In brief

A vulnerability in FortiOS, FortiProxy and FortiSwitchManager lets attackers bypass the login and reach the administrative panel using specially crafted HTTP/HTTPS requests. It is critical because it grants full administrator access.

Technical detail

Authentication failure (CWE-287) in Fortinet products (FortiOS 7.0.0–7.0.6 and 7.2.0–7.2.1; FortiProxy 7.0.0–7.0.6 and 7.2.0; FortiSwitchManager 7.0.0 and 7.2.0) that allows unauthenticated attackers to reach the administrative interface remotely via malformed HTTP/HTTPS requests. With no prior authentication required, successful exploitation grants full administrative privileges.

Summary generated and translated by AI from the official description.
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
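As an added example (not part of this page and not Fortinet tooling), a small Python checker that encodes the affected version ranges stated above so a device inventory can be triaged for patching; the accepted version-string formats and the sample inventory are assumptions constructed for the demonstration.

```python
# Added example: triage an inventory against the affected ranges stated on this
# page for CVE-2022-40684. Not Fortinet tooling; the accepted version-string
# formats ("7.0.6", "v7.0.6", "v7.0.6,build0366") are an assumption.
import re

# Inclusive (min, max) ranges per product, as listed in the advisory text above.
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "FortiProxy": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
    "FortiSwitchManager": [((7, 0, 0), (7, 0, 0)), ((7, 2, 0), (7, 2, 0))],
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings such as '7.0.6' or 'v7.0.6,build0366'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(product, version):
    """True if product/version falls inside one of the ranges listed on this page."""
    ranges = AFFECTED.get(product)
    if ranges is None:
        return False  # product not covered by this advisory
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in ranges)


def triage(inventory):
    """Return the (host, product, version) entries that are in an affected range."""
    return [entry for entry in inventory if is_affected(entry[1], entry[2])]


# Constructed sample inventory for a dry run (hostnames are placeholders).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.0.6,build0366"),
    ("fw-edge-02", "FortiOS", "7.0.7"),
    ("proxy-01", "FortiProxy", "7.2.0"),
    ("proxy-02", "FortiProxy", "7.2.1"),
    ("fsm-01", "FortiSwitchManager", "7.0.0"),
    ("fw-lab", "FortiOS", "6.4.9"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```

A negative result only means the version lies outside the ranges stated here; it says nothing about whether a device was already reached before it was patched.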
Public PoCs found: 33
⚠ Public resources, intended for assessing the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →