Exploit for #VU68070 Authentication bypass using an alternate path or channel in FortiOS and FortiProxy

Published: 2022-10-13 | Updated: 2023-02-28

Vulnerability identifier: #VU68070

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-40684

CWE-ID: CWE-288

Exploitation vector: Network

Exploits in database: 20

February 28, 2023
- CVE-2022-40684 (一键枚举所有用户名以及写入SSH公钥) [Github]
October 29, 2022
- gotigate (Exploit Fortigate - CVE-2022-40684) [Github]
- CVE-2022-40684-metasploit-scanner (An authentication bypass using an alternate path or channel in Fortinet product) [Github]
October 26, 2022
- CVE-2022-40684 () [Github]
October 25, 2022
- fortipwn (Forti CVE-2022-40684 enumeration script built in Rust) [Github]
October 20, 2022
- CVE-2022-40684 (Utilities for exploiting vulnerability CVE-2022-40684 (FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface).) [Github]
October 19, 2022
- Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass. [Metasploit]
October 17, 2022
- CVE-2022-40684 () [Github]
- Fortinet-CVE-2022-40684 () [Github]
October 16, 2022
- CVE-2022-40684 () [Github]
- cve-2022-40684 (exploit for CVE-2022-40684 Fortinet) [Github]
- Fortinet-PoC-Auth-Bypass (Bash PoC for Fortinet Auth Bypass - CVE-2022-40684) [Github]
- CVE-2022-40684 () [Github]
- CVE-2022-40684 (Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ]) [Github]
- CVE-2022-40684-POC (Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager) [Github]
- CVE-2022-40684 () [Github]
- CVE-2022-40684 (Exploit for CVE-2022-40684 vulnerability) [Github]
October 13, 2022

Impact: Code execution

Vulnerable software:
FortiOS
Operating systems & Components / Operating system
FortiProxy
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Fortinet, Inc