Security News > 2022 > October > Exploit available for critical Fortinet auth bypass bug, patch now
Proof-of-concept exploit code is now available for a critical authentication bypass vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances.
Ai security researchers released a proof-of-concept exploit and a technical root cause analysis for this vulnerability today, following an announcement that a CVE-2022-40684 PoC will be made available this week.
The PoC exploit is designed to abuse the authentication bypass flaw to set an SSH key for the user specified when launching the Python script from the command line.
While a publicly available PoC exploit would be a strong enough incentive to immediately patch all vulnerable FortiOS, FortiProxy, and FortiSwitchManager appliances, the bug is also being abused in ongoing attacks.
Even though a Fortinet spokesperson refused to comment when asked if the vulnerability is actively exploited in the wild when BleepingComputer reached out on Friday, the company confirmed Monday that it was aware of at least one attack where the vulnerability has been abused.
CISA also added CVE-2022-40684 to its list of security bugs known to be exploited in the wild on Tuesday, requiring all Federal Civilian Executive Branch agencies to patch their Fortinet devices until November 1st to block ongoing attacks.
News URL
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-40684 | Improper Authentication vulnerability in Fortinet Fortios, Fortiproxy and Fortiswitchmanager An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. | 9.8 |