{"id":60206,"date":"2022-11-25T15:26:25","date_gmt":"2022-11-25T07:26:25","guid":{"rendered":"https:\/\/version-2.com\/?p=60206"},"modified":"2023-07-24T18:38:02","modified_gmt":"2023-07-24T10:38:02","slug":"fortinet-authentication-bypass-vulnerability-cve-2022-40684","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2022\/11\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\/","title":{"rendered":"Fortinet Authentication Bypass Vulnerability &#8211; CVE-2022-40684"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"60206\" class=\"elementor elementor-60206\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_la
yout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max\" width=\"1280\" height=\"720\" \/><\/p><div class=\"news-detail-inner-content\" data-v-85c4bf60=\"\" data-v-0bbc59dc=\"\"><p><strong>Introduction:\u00a0<\/strong><\/p><p>The latest FortiOS \/ FortiProxy \/ FortiSwitchManager vulnerability has been reportedly exploited in the wild, which allows an attacker to bypass authentication and login as an administrator on the affected system.<\/p><ul><li><p><strong>Vulnerability Release Time : <\/strong>Oct Nov, 2022<\/p><\/li><li><p><strong>Vulnerability Component Name : <\/strong>FortiOS &#8211; FortiProxy &#8211; FortiSwitchManager<\/p><\/li><li><p><strong>Affected Products :<\/strong><\/p><ul><li><p>Affected FortiOS<\/p><ul><li><p>7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.2.0, 
7.2.1<\/p><\/li><\/ul><\/li><li><p>Affected FortiProxy<\/p><ul><li><p>7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.2.0<\/p><\/li><\/ul><\/li><li><p>Affected FortiSwitchManager<\/p><ul><li><p>7.0.0, 7.2.0<\/p><\/li><\/ul><\/li><li><p><em>FortiOS versions 5.x, 6.x are NOT impacted<\/em><\/p><\/li><li><p>FortiProxy version 7.2.0<\/p><\/li><\/ul><\/li><\/ul><p><strong>Solutions:<\/strong><\/p><ul><li><p>Please upgrade to FortiOS version 7.2.2 or above<\/p><\/li><li><p>Please upgrade to FortiOS version 7.0.7 or above<\/p><\/li><li><p>Please upgrade to FortiProxy version 7.2.1 or above<\/p><\/li><li><p>Please upgrade to FortiProxy version 7.0.7 or above<\/p><\/li><li><p>Please upgrade to FortiSwitchManager version 7.2.1 or above<\/p><\/li><li><p>Please upgrade to FortiSwitchManager version 7.0.1 or above<\/p><\/li><li><p>Please upgrade to FortiOS version 7.0.5 B8001 or above for FG6000F and 7000E\/F series platforms<\/p><\/li><\/ul><p><strong>Executive Summary:<\/strong><\/p><p>The CVE-2022-40684 vulnerability allows adversaries to bypass authentication and log in to vulnerable FortiOS \/ FortiProxy \/ FortiSwitchManager systems as an administrator.<\/p><p>With admin rights, adversaries can:<\/p><ul><li><p>add new users to the vulnerable system<\/p><\/li><li><p>reroute network traffic by changing the network configuration<\/p><\/li><li><p>listen to and capture sensitive data by running packet-capture programs<\/p><\/li><\/ul><p><strong>CVSS v3:<\/strong><\/p><ul><li><p>Base Score: 9.8 (Critical)<\/p><\/li><li><p>Attack Vector: Network<\/p><\/li><li><p>Attack Complexity: Low<\/p><\/li><li><p>Privileges Required: None<\/p><\/li><li><p>User Interaction: None<\/p><\/li><li><p>Confidentiality 
Impact: High<\/p><\/li><li><p>Integrity Impact: High<\/p><\/li><li><p>Availability Impact: High<\/p><\/li><\/ul><p><strong>Mitigation:<\/strong><\/p><p>As mitigation measures and security workarounds for remediating the threat, the Fortinet advisory recommends disabling the HTTP\/HTTPS admin interface or limiting the IP addresses that can access it. Customers are also strongly advised to upgrade their potentially vulnerable software to the latest versions.<\/p><p>Furthermore, in their PSIRT advisory, FortiGuard Labs have given some mitigation suggestions and recommend performing the following upgrades according to the vulnerable product.<\/p><p><strong>For FortiOS:<\/strong><\/p><ul><li><p>Upgrade to version 7.2.2 or above<\/p><\/li><li><p>Upgrade to version 7.0.7 or above<\/p><\/li><\/ul><p>If applying a patch is not possible for other reasons, apply the following mitigation suggestions.<\/p><pre><code>Suggestion 1: Disable HTTP\/HTTPS administrative interface\n\nSuggestion 2: Limit IP addresses that can reach the administrative interface<\/code><\/pre><ul><li><p><code>config firewall address<\/code><\/p><\/li><li><p><code>edit \"my_allowed_addresses\"<\/code><\/p><\/li><li><p><code>set subnet &lt;MY IP&gt; &lt;MY SUBNET&gt;<\/code><\/p><\/li><li><p><code>end<\/code><\/p><\/li><\/ul><pre><code>Then create an Address Group<\/code><\/pre><ul><li><p><code>config firewall addrgrp<\/code><\/p><\/li><li><p><code>edit \"MGMT_IPs\"<\/code><\/p><\/li><li><p><code>set member \"my_allowed_addresses\"<\/code><\/p><\/li><li><p><code>end<\/code><\/p><\/li><\/ul><pre><code>Create the local-in policy to restrict access on the management interface to the predefined group only.<\/code><\/pre><ul><li><p><code>config firewall local-in-policy<\/code><\/p><\/li><li><p><code>edit 1<\/code><\/p><\/li><li><p><code>set intf 
port1<\/code><\/p><\/li><li><p><code>set srcaddr \"MGMT_IPs\"<\/code><\/p><\/li><li><p><code>set dstaddr \"all\"<\/code><\/p><\/li><li><p><code>set action accept<\/code><\/p><\/li><li><p><code>set service HTTPS HTTP<\/code><\/p><\/li><li><p><code>set schedule \"always\"<\/code><\/p><\/li><li><p><code>set status enable<\/code><\/p><\/li><li><p><code>next<\/code><\/p><\/li><li><p><code>edit 2<\/code><\/p><\/li><li><p><code>set intf \"any\"<\/code><\/p><\/li><li><p><code>set srcaddr \"all\"<\/code><\/p><\/li><li><p><code>set dstaddr \"all\"<\/code><\/p><\/li><li><p><code>set action deny<\/code><\/p><\/li><li><p><code>set service HTTPS HTTP<\/code><\/p><\/li><li><p><code>set schedule \"always\"<\/code><\/p><\/li><li><p><code>set status enable<\/code><\/p><\/li><li><p><code>end<\/code><\/p><\/li><\/ul><pre><code>If you are using non-default ports, create the appropriate service objects for GUI administrative access:<\/code><\/pre><ul><li><p><code>config firewall service custom<\/code><\/p><\/li><li><p><code>edit GUI_HTTPS<\/code><\/p><\/li><li><p><code>set tcp-portrange &lt;admin-sport&gt;<\/code><\/p><\/li><li><p><code>next<\/code><\/p><\/li><li><p><code>edit GUI_HTTP<\/code><\/p><\/li><li><p><code>set tcp-portrange &lt;admin-port&gt;<\/code><\/p><\/li><li><p><code>end<\/code><\/p><\/li><\/ul><pre><code>Use these objects instead of \"HTTPS HTTP\" in local-in policies 1 and 2 above.<\/code><\/pre><p><strong>For FortiProxy:<\/strong><\/p><ul><li><p>Upgrade to version 7.2.1 or above<\/p><\/li><li><p>Upgrade to version 7.0.7 or above<\/p><\/li><\/ul><p>If applying a patch is not possible for other reasons, apply the following mitigation suggestions.<\/p><pre><code>Suggestion 1: Disable HTTP\/HTTPS administrative interface\nSuggestion 2: For FortiProxy VM all versions or FortiProxy appliance 7.0.6:\n\nLimit IP addresses that can reach the administrative interface:<\/code><\/pre><ul><li><p><code>config system interface<\/code><\/p><\/li><li><p><code>edit 
port1<\/code><\/p><\/li><li><p><code>set dedicated-to management<\/code><\/p><\/li><li><p><code>set trust-ip-1 &lt;MY IP&gt; &lt;MY SUBNET&gt;<\/code><\/p><\/li><li><p><code>end<\/code><\/p><\/li><\/ul><p><strong>For FortiSwitchManager:<\/strong><\/p><p>Upgrade to version 7.2.1 or above; as a workaround, disable the HTTP\/HTTPS administrative interface<\/p><p><strong>Technical Analysis \/ Exploits:<\/strong><\/p><p>We found an open admin panel link and tried the default credentials, but they failed.<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw7vt3q01vg0kmpc3ug38y6.jpeg\" \/><\/p><ol><li><p>Now that our default brute-force attack didn\u2019t work, let\u2019s try a new exploitation technique. Use the link below to open the exploit Python script.<\/p><p><a href=\"https:\/\/github.com\/horizon3ai\/CVE-2022-40684\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/github.com\/horizon3ai\/CVE-2022-40684<\/a><\/p><\/li><\/ol><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw7ykms026r0kmpd0ka5c4c.jpeg\" \/><\/p><p>Open the Python script file and copy the complete code. Create a new file in your local directory and paste the copied Python code into it.<\/p><pre><code>In our case we created a file named pocforti.py and pasted the code into it<\/code><\/pre><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw80cy402ev0kmp9obe6c2w.jpeg\" \/><\/p><p>Now let\u2019s run this Python script and let it do the magic trick. 
Use the command below with the <em>Fortinet admin server IP, port number, and your public key<\/em> path.<\/p><pre><code>python3 pocforti.py -t &lt;fortinet admin server ip&gt;:&lt;port number&gt; --username admin --key-file &lt;your public key path&gt;<\/code><\/pre><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw82ips01zh0kqp7s8b1r8w.jpeg\" \/><\/p><p>After the Python script has run, let\u2019s try to <strong><em>SSH<\/em><\/strong> into the Fortinet server. Use the command below to SSH into the <em>Fortinet<\/em> server.<\/p><pre><code>ssh admin@&lt;fortinet server ip&gt;<\/code><\/pre><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw85216030y0kmpgrhp48kc.jpeg\" \/><\/p><p>After gaining access to the Fortinet server, let\u2019s create a new user in the Fortinet database.<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw86sqs02ix0kqpdpxefuop.jpeg\" \/><\/p><p>Now that a new user with admin rights has been added, let\u2019s try this user.<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw888xq02pg0kqpam9lea3h.jpeg\" \/><\/p><p>After entering the new user\u2019s credentials, we successfully log in to the Fortinet admin panel as an admin user.<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw8a8an03nw0kmpfuyqeb4y.jpeg\" \/><\/p><p>Open the admin users list to verify whether your user was successfully added as an admin user.<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw8dcj4041z0kmp5b398vum.jpeg\" \/><\/p><p>As you can see, our created user has been added to the Fortinet users as an admin user.<\/p><p><strong>References:<\/strong><\/p><ul><li><p><a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-377\" target=\"_blank\" rel=\"noopener noreferrer 
nofollow\"><u>https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-377<\/u><\/a><\/p><\/li><li><p><a href=\"https:\/\/github.com\/carlosevieira\/CVE-2022-40684\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/github.com\/carlosevieira\/CVE-2022-40684<\/a><\/p><\/li><li><p><a href=\"https:\/\/github.com\/Chocapikk\/CVE-2022-40684\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/github.com\/Chocapikk\/CVE-2022-40684<\/a><\/p><\/li><li><p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-40684\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-40684<\/a><\/p><\/li><\/ul><p>#fortinet #FortiProxy #ForitnetAdminAccess #CVE-2022-40684<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" 
data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"39690\" class=\"elementor elementor-39690\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" 
data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ff2a228 elementor-widget elementor-widget-text-editor\" data-id=\"ff2a228\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p><b>About VRX<\/b><br><b>VRX&nbsp;<\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Introduction:\u00a0 The latest FortiOS \/ FortiProxy \/ FortiS [&hellip;]<\/p>\n","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,488,61],"tags":[477,489],"class_list":["post-60206","post","type-post","status-publish","format-standard","hentry","category-vrx","category-488","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Fortinet Authentication Bypass Vulnerability - CVE-2022-40684 - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fortinet Authentication Bypass Vulnerability - 
CVE-2022-40684 - Version 2\" \/>\n<meta property=\"og:description\" content=\"Introduction:\u00a0 The latest FortiOS \/ FortiProxy \/ FortiS [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-25T07:26:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-24T10:38:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/11\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Fortinet Authentication Bypass Vulnerability &#8211; 
CVE-2022-40684\",\"datePublished\":\"2022-11-25T07:26:25+00:00\",\"dateModified\":\"2023-07-24T10:38:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/11\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\\\/\"},\"wordCount\":598,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"vRx\",\"2022\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/11\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\",\"name\":\"Fortinet Authentication Bypass Vulnerability - CVE-2022-40684 - Version 
2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max\",\"datePublished\":\"2022-11-25T07:26:25+00:00\",\"dateModified\":\"2023-07-24T10:38:02+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fortinet Authentication Bypass Vulnerability &#8211; CVE-2022-40684\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 
2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast 
SEO plugin. -->","yoast_head_json":{"title":"Fortinet Authentication Bypass Vulnerability - CVE-2022-40684 - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684","og_locale":"zh_HK","og_type":"article","og_title":"Fortinet Authentication Bypass Vulnerability - CVE-2022-40684 - Version 2","og_description":"Introduction:\u00a0 The latest FortiOS \/ FortiProxy \/ FortiS [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684","og_site_name":"Version 2","article_published_time":"2022-11-25T07:26:25+00:00","article_modified_time":"2023-07-24T10:38:02+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"version2hk","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"7 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/11\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Fortinet Authentication Bypass Vulnerability &#8211; 
CVE-2022-40684","datePublished":"2022-11-25T07:26:25+00:00","dateModified":"2023-07-24T10:38:02+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/11\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\/"},"wordCount":598,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max","keywords":["vRx","2022"],"articleSection":["vRx","2022","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/11\/fortinet-authentication-bypass-vulnerability-cve-2022-40684\/","url":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684","name":"Fortinet Authentication Bypass Vulnerability - CVE-2022-40684 - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max","datePublished":"2022-11-25T07:26:25+00:00","dateModified":"2023-07-24T10:38:02+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/
blog-posts\/images\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/claw6n7ly20jv0jqeghxccj12.jpg?tr=w-1800,c-at_max"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/fortinet-authentication-bypass-vulnerability-cve-2022-40684#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"Fortinet Authentication Bypass Vulnerability &#8211; CVE-2022-40684"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 
2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/zh\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-fF4","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/60206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=60206"}],"version-history":[{"count":12,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/60206\/revisions"}],"predecessor-version":[{"id":69445,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/60206\/revisions\/69445"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=60206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=60206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=60206"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}