← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-40684 — Actively Exploited: Multiple Products (Fortinet)

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

CVE IDCVE-2022-40684
VendorFortinet
ProductMultiple Products
Vulnerability nameFortinet Multiple Products Authentication Bypass Vulnerability
Date added2022-10-11
Remediation due2022-11-01
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionFortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →