I. CVE-2022-40684 Basic Information
Vulnerability Information

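## Overview
Fortinet FortiOS, FortiProxy and FortiSwitchManager contain an authentication bypass vulnerability. An attacker can bypass authentication and perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

## Affected Versions
- FortiOS: versions 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6
- FortiProxy: version 7.2.0 and versions 7.0.0 through 7.0.6
- FortiSwitchManager: versions 7.2.0 and 7.0.0

## Details
This vulnerability is classified as "Authentication Bypass Using an Alternate Path or Channel" (CWE-288). An unauthenticated attacker can bypass authentication and perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

## Impact
This vulnerability allows unauthorized users to perform administrative operations, which may lead to disclosure of sensitive information or malicious control of the system.
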
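Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Fortinet FortiOS authorization issue vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Fortinet FortiOS is a security operating system from Fortinet (USA) dedicated to the FortiGate network security platform. It provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security functions. Fortinet FortiOS contains an authorization issue vulnerability. No further information on this vulnerability is currently available; follow CNNVD or vendor advisories for updates.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Authorization issue
Source: China National Vulnerability Database of Information Security (CNNVD)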
II. Public PoCs for CVE-2022-40684
| # | PoC description | Source link |
|---|---|---|
| 1 | A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager | https://github.com/horizon3ai/CVE-2022-40684 |
| 2 | PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only) | https://github.com/carlosevieira/CVE-2022-40684 |
| 3 | Bash PoC for Fortinet Auth Bypass - CVE-2022-40684 | https://github.com/Filiplain/Fortinet-PoC-Auth-Bypass |
| 4 | Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager | https://github.com/kljunowsky/CVE-2022-40684-POC |
| 5 | None | https://github.com/secunnix/CVE-2022-40684 |
| 6 | None | https://github.com/iveresk/CVE-2022-40684 |
| 7 | None | https://github.com/mhd108/CVE-2022-40684 |
| 8 | exploit for CVE-2022-40684 Fortinet | https://github.com/ClickCyber/cve-2022-40684 |
| 9 | Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ] | https://github.com/Chocapikk/CVE-2022-40684 |
| 10 | Exploit for CVE-2022-40684 vulnerability | https://github.com/mohamedbenchikh/CVE-2022-40684 |
| 11 | Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ] | https://github.com/HAWA771/CVE-2022-40684 |
| 12 | None | https://github.com/NeriaBasha/CVE-2022-40684 |
| 13 | Forti CVE-2022-40684 enumeration script built in Rust | https://github.com/Grapphy/fortipwn |
| 14 | None | https://github.com/puckiestyle/CVE-2022-40684 |
| 15 | None | https://github.com/jsongmax/Fortinet-CVE-2022-40684 |
| 16 | Utilities for exploiting vulnerability CVE-2022-40684 (FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface). | https://github.com/und3sc0n0c1d0/CVE-2022-40684 |
| 17 | None | https://github.com/qingsiweisan/CVE-2022-40684 |
| 18 | An authentication bypass using an alternate path or channel in Fortinet product | https://github.com/TaroballzChen/CVE-2022-40684-metasploit-scanner |
| 19 | Exploit Fortigate - CVE-2022-40684 | https://github.com/gustavorobertux/gotigate |
| 20 | None | https://github.com/hughink/CVE-2022-40684 |
| 21 | None | https://github.com/notareaperbutDR34P3r/CVE-2022-40684-Rust |
| 22 | One-click enumeration of all usernames and writing of an SSH public key | https://github.com/z-bool/CVE-2022-40684 |
| 23 | None | https://github.com/Anthony1500/CVE-2022-40684 |
| 24 | Research repository tracking affected IPs from the Fortigate CVE-2022-40684 configuration leak by Belsen Group | https://github.com/arsolutioner/fortigate-belsen-leak |
| 25 | None | https://github.com/Rofell0s/Fortigate-Leak-CVE-2022-40684 |
| 26 | Research repository tracking affected IPs from the Fortigate CVE-2022-40684 configuration leak by Belsen Group | https://github.com/AKboss1221/fortigate-belsen-leak |
| 27 | None | https://github.com/XalfiE/Fortigate-Belsen-Leak-Dump-CVE-2022-40684- |
| 28 | This repository contains information about the Fortigate firewall vulnerability (CVE-2022-40684) and affected data that were publicly disclosed by the Belsen Group. This information is being shared for security research and defensive purposes to help organizations identify if they were impacted. | https://github.com/niklasmato/fortileak-01-2025-Be |
| 29 | None | https://github.com/Yami0x777/Belsen_Group-et-exploitation-de-la-CVE-2022-40684 |
| 30 | Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-40684.yaml |
| 31 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Fortinet%20FortiOS%20admin%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-40684.md |
III. Intelligence on CVE-2022-40684