CVE-2022-40684 — Actively Exploited: Multiple Products (Fortinet)
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
| CVE ID | CVE-2022-40684 |
|---|---|
| Vendor | Fortinet |
| Product | Multiple Products |
| Vulnerability name | Fortinet Multiple Products Authentication Bypass Vulnerability |
| Date added | 2022-10-11 |
| Remediation due | 2022-11-01 |
| Known ransomware use | Known |
| Required action | Apply updates per vendor instructions. |
| Description | Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →