Security News > 2022 > October > PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks
A proof-of-concept exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches.
"FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.
"Additionally, a user can SSH into the system which exposes a locked down CLI interface."
The issue, tracked as CVE-2022-40684, concerns an authentication bypass vulnerability that could allow a remote attacker to perform malicious operations on the administrative interface via specially crafted HTTP(S) requests.
The "Trusted access" authentication check verifies that the client ip is "127.0.0.1" and the User-Agent is "Report Runner" both of which are under attacker control.
The release of the PoC comes as Fortinet cautioned that it's already aware of an instance of active exploitation of the flaw in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency to issue an advisory urging federal agencies to patch the flaw by November 1, 2022.
News URL
https://thehackernews.com/2022/10/poc-exploit-released-for-critical.html
Related news
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Critical Fortinet flaws now exploited in Qilin ransomware attacks (source)
- Old Fortinet flaws under attack with new method its patch didn't prevent (source)
- 41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- ASUS warns of critical auth bypass flaw in routers using AiCloud (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Cookie-Bite attack PoC uses Chrome extension to steal session tokens (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-40684 | Improper Authentication vulnerability in Fortinet Fortios, Fortiproxy and Fortiswitchmanager An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. | 9.8 |