Skip to content

FortiOS / FortiProxy / FortiSwitchManager – Authentication Bypass (CVE-2022-40684)

  • Resources
  • Glossary
  • FortiOS / FortiProxy / FortiSwitchManager – Authentication Bypass (CVE-2022-40684)

We would like to bring to your attention a newly discovered authentication bypass vulnerability within FortiOS, FortiProxy and FortiSwitchManager. This vulnerability is currently being actively exploited.

An authentication bypass has been identified using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager which allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. The vulnerability has been issued the identifier CVE-2022-40684 and has been given a CVSS score of 9.6.

Affected Products

  • FortiOS version 7.2.0 through 7.2.1

  • FortiOS version 7.0.0 through 7.0.6

  • FortiProxy version 7.2.0

  • FortiProxy version 7.0.0

  • FortiSwitchManager version 7.2.0

  • FortiSwitchManager version 7.0.0

Detection

The current version of FortiOS / FortiGate can be checked with the following command, and should be checked against the known affected products above:

get system status

Additional Fortinet recommend to check the device’s log for the following strings to help detected compromised devices:

  • user=”Local_Process_Access”

  • user_interface=”Node.js”

  • user_interface=”Report Runner”

Exploited hosts may show records for these strings.

Remediation

Whilst a workaround has been provided, current best guidance for remediating this issue to update to an unaffected version.

  • FortiOS should be updated to version 7.2.2 or above and version 7.0.7 or above.

  • FortiProxy should be updated to version 7.2.1 or above and version 7.0.7 or above.

  • FortiSwitchManager should be updated to version 7.2.1 or above.

References

Silhouette of person in dark environment representing insider threat in agentic IDE security with code and terminal windows in background

When Your IDE Becomes An Insider: Testing Agentic Dev Tools Against Indirect Prompt Injection

Agentic development tools don’t need to bypass your firewall. They’re already inside. And if an attacker can control what they read, they can control what they…
Modern office building at night showing AI agent security risks with autonomous systems running in corporate networks

What Moltbook reveals about AI agent security

The Moltbook launch exposed a critical gap: organizations deploying AI agents faster than they can secure them. Research shows 22% of enterprises currently host unauthorised AI…
Dark underground stairway representing hidden SaaS security vulnerabilities and cloud dependencies

Cloud security vulnerabilities: the unpatchable risks hiding in your SaaS stack 

The cloud gives businesses scalability, agility, and built-in resilience. But it’s created a dangerous illusion: that moving workloads to SaaS platforms and managed services automatically makes…