Skip to content

FortiOS / FortiProxy / FortiSwitchManager – Authentication Bypass (CVE-2022-40684)

  • Resources
  • Glossary
  • FortiOS / FortiProxy / FortiSwitchManager – Authentication Bypass (CVE-2022-40684)

We would like to bring to your attention a newly discovered authentication bypass vulnerability within FortiOS, FortiProxy and FortiSwitchManager. This vulnerability is currently being actively exploited.

An authentication bypass has been identified using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager which allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. The vulnerability has been issued the identifier CVE-2022-40684 and has been given a CVSS score of 9.6.

Affected Products

  • FortiOS version 7.2.0 through 7.2.1

  • FortiOS version 7.0.0 through 7.0.6

  • FortiProxy version 7.2.0

  • FortiProxy version 7.0.0

  • FortiSwitchManager version 7.2.0

  • FortiSwitchManager version 7.0.0

Detection

The current version of FortiOS / FortiGate can be checked with the following command, and should be checked against the known affected products above:

get system status

Additional Fortinet recommend to check the device’s log for the following strings to help detected compromised devices:

  • user=”Local_Process_Access”

  • user_interface=”Node.js”

  • user_interface=”Report Runner”

Exploited hosts may show records for these strings.

Remediation

Whilst a workaround has been provided, current best guidance for remediating this issue to update to an unaffected version.

  • FortiOS should be updated to version 7.2.2 or above and version 7.0.7 or above.

  • FortiProxy should be updated to version 7.2.1 or above and version 7.0.7 or above.

  • FortiSwitchManager should be updated to version 7.2.1 or above.

References

Dark office environment showing interconnected multi-agent AI systems network visualization

Inject one agent, own them all: The cascading risk of multi-agent AI

Ninety percent of organizations are deploying AI agents. Most aren’t monitoring what they do. Multi-agent systems amplify this blindspot: one compromised agent cascades through every trusted…
Silhouettes of a team standing together in low light, representing collaboration within a Security Operations Center.

SOC Testing: Turning Your Security Operations Centre into a Continuous Learning Engine

SOC testing isn’t just about finding vulnerabilities. It’s about building collaboration, sharpening human judgment, and turning your SOC into a continuous learning engine.
Wooden garden shed where CovertSwarm founder Anders Reeves conceived the idea for continuous penetration testing during COVID-19 lockdown

Why I founded CovertSwarm after annual pen tests failed me

Almost every business I worked for got breached. Our teams did the same thing each time: an occasional pen test, a thick report full of findings,…