CVE-2022-40684NVD

Vulnerability Summary

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Severity Level

CRITICAL(9.8)

Published Date

Oct 18, 2022

Last Modified

Jan 12, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://fortiguard.com/psirt/FG-IR-22-377
http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html
http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2022-40684NVD

Vulnerability Summary

External References