Research repository tracking affected IPs from the Fortigate CVE-2022-40684 configuration leak by Belsen Group ╔═════════════════════════════════════════════════════════════════════════════╗
║ ███████╗ ██████╗ ██████╗ ████████╗██╗ ██████╗ █████╗ ████████╗███████╗ ║
║ ██╔════╝██╔═══██╗██╔══██╗╚══██╔══╝██║██╔════╝ ██╔══██╗╚══██╔══╝██╔════╝ ║
║ █████╗ ██║ ██║██████╔╝ ██║ ██║██║ ███╗███████║ ██║ █████╗ ║
║ ██╔══╝ ██║ ██║██╔══██╗ ██║ ██║██║ ██║██╔══██║ ██║ ██╔══╝ ║
║ ██║ ╚██████╔╝██║ ██║ ██║ ██║╚██████╔╝██║ ██║ ██║ ███████╗ ║
║ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝ ║
║ ║
║ ██████╗ ███████╗██╗ ███████╗███████╗███╗ ██╗ ║
║ ██╔══██╗██╔════╝██║ ██╔════╝██╔════╝████╗ ██║ ║
║ ██████╔╝█████╗ ██║ ███████╗█████╗ ██╔██╗ ██║ ║
║ ██╔══██╗██╔══╝ ██║ ╚════██║██╔══╝ ██║╚██╗██║ ║
║ ██████╔╝███████╗███████╗███████║███████╗██║ ╚████║ ║
║ ╚═════╝ ╚══════╝╚══════╝╚══════╝╚══════╝╚═╝ ╚═══╝ ║
║ ║
║ ██╗ ███████╗ █████╗ ██╗ ██╗ ║
║ ██║ ██╔════╝██╔══██╗██║ ██╔╝ ║
║ ██║ █████╗ ███████║█████╔╝ ║
║ ██║ ██╔══╝ ██╔══██║██╔═██╗ ║
║ ███████╗███████╗██║ ██║██║ ██╗ ║
║ ╚══════╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝ ║
║ ║
║ Configuration Leak Tracker ║
╚═════════════════════════════════════════════════════════════════════════════╝
# Fortigate Belsen Leak Research
This repository contains informaion about the Fortigate firewall vulnerability (CVE-2022-40684) and affected IPs that were publicly disclosed by the Belsen Group. This information is being shared for security research and defensive purposes to help organizations identify if they were impacted.
## Background
In 2022, Fortinet disclosed a critical authentication bypass vulnerability (CVE-2022-40684) affecting FortiOS, FortiProxy, and FortiSwitchManager. In January 2025, configurations from approximately 15,000 affected devices were publicly released by the Belsen Group.
## Purpose
This repository serves as a resource for:
- Security researchers studying the impact of CVE-2022-40684
- Organizations to check if they were affected
- Raising awareness about the importance of timely security patches
## Contents
- `affected_ips.txt`: List of IP addresses identified as potentially affected
- `REFERENCES.md`: Additional resources and references about the vulnerability
## Disclaimer
This information is provided for defensive security research purposes only. The data has been publicly disclosed and is being shared to help organizations assess their exposure and take necessary remediation steps.
## References
- [Fortinet Advisory](https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684)
- CVE-2022-40684
## Contact & Support
If your organization has been impacted by this vulnerability or you need assistance with mitigation:
- 💼 LinkedIn: [Amram Englander](https://www.linkedin.com/in/amram-englander-a23a6a89/)
- 📧 Secure Email: amrameng@proton.me
- 🛡️ For urgent security assistance or consultation, feel free to reach out via ProtonMail or LinkedIn
I'm available to help organizations:
- Verify if they were affected
- Provide guidance on mitigation steps
- Assist with security hardening
[4.0K] /data/pocs/f6e87c5614af4291350006befad9d7de6c850678
├── [299K] affected_ips.txt
├── [1.0K] LICENSE
├── [5.6K] README.md
└── [1.1K] REFERENCES.md
0 directories, 4 files