CVE-2022-40684 (CISA KEV: Actively Exploited)

Fortinet Multiple Products Authentication Bypass Vulnerability

Published Oct 11, 2022 · Updated Oct 11, 2022

Description

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Public Exploits & PoCs (24 found)

PoC: fortigate-belsen-leak

Research repository tracking affected IPs from the Fortigate CVE-2022-40684 configuration leak by Belsen Group

12

PoC: CVE-2022-40684

A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

7

PoC: CVE-2022-40684

CVE-2022-40684 Remote Fortinet Code Execution vulnerability

3

PoC: CVE-2022-40684-RCE-POC

CVE-2022-40684-RCE-POC Fortinet Vulnerability

3

PoC: Fortinet-PoC-Auth-Bypass

Bash PoC for Fortinet Auth Bypass - CVE-2022-40684

2

PoC: CVE-2022-40684

One-click enumeration of all usernames and writing of an SSH public key

1

PoC: CVE-2022-40684

Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ]

1

PoC: CVE-2022-40684

Exploit for CVE-2022-40684 vulnerability

1

PoC: CVE-2022-40684-POC

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

1

PoC: fortigate-cve-2022-40684-tool

FortiGate CVE-2022-40684 assessment tool for user enumeration, configuration dump, and lab testing.

PoC: CVE-2022-40684

PoC for CVE-2022-40684 - Authentication bypass leads to Full device takeover (Read-only)

PoC: fortileak-01-2025-Be

This repository contains information about the Fortigate firewall vulnerability (CVE-2022-40684) and affected data that were publicly disclosed by the Belsen Group. This information is being shared for security research and defensive purposes to help organizations identify if they were impacted.

PoC: fortigate-belsen-leak

Research repository tracking affected IPs from the Fortigate CVE-2022-40684 configuration leak by Belsen Group

PoC: CVE-2022-40684

Exploit for CVE-2022-40684 vulnerability

PoC: gotigate

Exploit Fortigate - CVE-2022-40684

PoC: CVE-2022-40684-metasploit-scanner

An authentication bypass using an alternate path or channel in Fortinet product

PoC: CVE-2022-40684

CVE 2022 40684

PoC: CVE-2022-40684

Utilities for exploiting vulnerability CVE-2022-40684 (FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface).

PoC: fortipwn

Forti CVE-2022-40684 enumeration script built in Rust

PoC: CVE-2022-40684

Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ]

PoC: cve-2022-40684

exploit for CVE-2022-40684 Fortinet

PoC: CVE-2022-40684

PoC for CVE-2022-40684 - Authentication bypass leads to Full device takeover (Read-only)

PoC: CVE-2022-40684-RCE-POC

fortinet auth bypass analyze and exploit

PoC: CVE-2022-40684

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
