ID:10713 - Exploit for Authentication bypass using an alternate path or channel in FortiOS and FortiProxy - CVE-2022-40684

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:10713 - Exploit for Authentication bypass using an alternate path or channel in FortiOS and FortiProxy - CVE-2022-40684

ID:10713 - Exploit for Authentication bypass using an alternate path or channel in FortiOS and FortiProxy - CVE-2022-40684

Published: October 25, 2024


Vulnerability identifier: #VU68070
Vulnerability risk: Critical
CVE-ID: CVE-2022-40684
CWE-ID: CWE-288
Exploitation vector: Remote access
Vulnerable software:
FortiOS
FortiProxy

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to missing authentication within the administrative web interface. A remote non-authenticated attacker can bypass authentication and compromise the affected device.


Remediation

Install updates from vendor's website.