CVE-2022-40684— Fortinet FortiOS 授权问题漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2022-40684の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
N/A
ソース: NVD (National Vulnerability Database)
脆弱性説明
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Fortinet FortiOS 授权问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Fortinet FortiOS是美国飞塔(Fortinet)公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS存在授权问题漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Fortinet | Fortinet FortiOS, FortiProxy, FortiSwitchManager | FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiSwitchManager 7.2.0, 7.0.0 | - |
II. CVE-2022-40684の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager | https://github.com/horizon3ai/CVE-2022-40684 | POC詳細 |
| 2 | PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only) | https://github.com/carlosevieira/CVE-2022-40684 | POC詳細 |
| 3 | Bash PoC for Fortinet Auth Bypass - CVE-2022-40684 | https://github.com/Filiplain/Fortinet-PoC-Auth-Bypass | POC詳細 |
| 4 | Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager | https://github.com/kljunowsky/CVE-2022-40684-POC | POC詳細 |
| 5 | None | https://github.com/secunnix/CVE-2022-40684 | POC詳細 |
| 6 | None | https://github.com/iveresk/CVE-2022-40684 | POC詳細 |
| 7 | None | https://github.com/mhd108/CVE-2022-40684 | POC詳細 |
| 8 | exploit for CVE-2022-40684 Fortinet | https://github.com/ClickCyber/cve-2022-40684 | POC詳細 |
| 9 | Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ] | https://github.com/Chocapikk/CVE-2022-40684 | POC詳細 |
| 10 | Exploit for CVE-2022-40684 vulnerability | https://github.com/mohamedbenchikh/CVE-2022-40684 | POC詳細 |
| 11 | Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ] | https://github.com/HAWA771/CVE-2022-40684 | POC詳細 |
| 12 | None | https://github.com/NeriaBasha/CVE-2022-40684 | POC詳細 |
| 13 | Forti CVE-2022-40684 enumeration script built in Rust | https://github.com/Grapphy/fortipwn | POC詳細 |
| 14 | None | https://github.com/puckiestyle/CVE-2022-40684 | POC詳細 |
| 15 | None | https://github.com/jsongmax/Fortinet-CVE-2022-40684 | POC詳細 |
| 16 | Utilities for exploiting vulnerability CVE-2022-40684 (FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface). | https://github.com/und3sc0n0c1d0/CVE-2022-40684 | POC詳細 |
| 17 | None | https://github.com/qingsiweisan/CVE-2022-40684 | POC詳細 |
| 18 | An authentication bypass using an alternate path or channel in Fortinet product | https://github.com/TaroballzChen/CVE-2022-40684-metasploit-scanner | POC詳細 |
| 19 | Exploit Fortigate - CVE-2022-40684 | https://github.com/gustavorobertux/gotigate | POC詳細 |
| 20 | None | https://github.com/hughink/CVE-2022-40684 | POC詳細 |
| 21 | None | https://github.com/notareaperbutDR34P3r/CVE-2022-40684-Rust | POC詳細 |
| 22 | 一键枚举所有用户名以及写入SSH公钥 | https://github.com/z-bool/CVE-2022-40684 | POC詳細 |
| 23 | None | https://github.com/Anthony1500/CVE-2022-40684 | POC詳細 |
| 24 | Research repository tracking affected IPs from the Fortigate CVE-2022-40684 configuration leak by Belsen Group | https://github.com/arsolutioner/fortigate-belsen-leak | POC詳細 |
| 25 | None | https://github.com/Rofell0s/Fortigate-Leak-CVE-2022-40684 | POC詳細 |
| 26 | Research repository tracking affected IPs from the Fortigate CVE-2022-40684 configuration leak by Belsen Group | https://github.com/AKboss1221/fortigate-belsen-leak | POC詳細 |
| 27 | None | https://github.com/XalfiE/Fortigate-Belsen-Leak-Dump-CVE-2022-40684- | POC詳細 |
| 28 | This repository contains informaion about the Fortigate firewall vulnerability (CVE-2022-40684) and affected data that were publicly disclosed by the Belsen Group. This information is being shared for security research and defensive purposes to help organizations identify if they were impacted. | https://github.com/niklasmato/fortileak-01-2025-Be | POC詳細 |
| 29 | None | https://github.com/Yami0x777/Belsen_Group-et-exploitation-de-la-CVE-2022-40684 | POC詳細 |
| 30 | Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-40684.yaml | POC詳細 |
| 31 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Fortinet%20FortiOS%20admin%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-40684.md | POC詳細 |
| 32 | Exploit for CVE-2022-40684 vulnerability | https://github.com/dkstar11q/CVE-2022-40684 | POC詳細 |
| 33 | Forti CVE-2022-40684 enumeration script built in Rust | https://github.com/xtwip/fortipwn | POC詳細 |
| 34 | PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only) | https://github.com/ccordeiro/CVE-2022-40684 | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2022-40684のインテリジェンス情報
请登录查看更多情报信息。
IV. 関連脆弱性
V. CVE-2022-40684へのコメント
まだコメントはありません