Exploit available for critical Fortinet auth bypass bug, patch now

Proof-of-concept exploit code is now available for a critical authentication bypass vulnerability affecting Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager appliances.

Ai security researchers released a proof-of-concept exploit and a technical root cause analysis for this vulnerability today, following an announcement that a CVE-2022-40684 PoC will be made available this week.

The PoC exploit is designed to abuse the authentication bypass flaw to set an SSH key for the user specified when launching the Python script from the command line.

While a publicly available PoC exploit would be a strong enough incentive to immediately patch all vulnerable FortiOS, FortiProxy, and FortiSwitchManager appliances, the bug is also being abused in ongoing attacks.

Even though a Fortinet spokesperson refused to comment when asked if the vulnerability is actively exploited in the wild when BleepingComputer reached out on Friday, the company confirmed Monday that it was aware of at least one attack where the vulnerability has been abused.

CISA also added CVE-2022-40684 to its list of security bugs known to be exploited in the wild on Tuesday, requiring all Federal Civilian Executive Branch agencies to patch their Fortinet devices until November 1st to block ongoing attacks.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

Recent News

Cisco discloses high-severity IP phone bug with exploit code

2022-12-08

ChatGPT shows promise of using AI to write malware

Rackspace Hosted Exchange service outage caused by security incident

2022-12-05

Google Chrome emergency update fixes 9th zero-day of the year

2022-12-02

Lastpass says hackers accessed customer data in new breach

2022-12-01

Microsoft Defender boosts default protection for all enterprise users

2022-11-29

View more cybersecurity news →

Featured Services

017_03_Artboard 57

Web Application Penetration Testing

External Network Penetration Testing

017_03_Artboard 54

Internal Network Penetration Testing

017_01_Artboard 43

Smart Device Penetration Testing

020_01_Artboard 85

Cloud Penetration Testing

013_Artboard 8

Enterprise Cybersecurity Audit

Need Help With Your Cybersecurity?

Get in touch with our experts to determine how to improve your cybersecurity.
Learn More

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

VIEW MORE RECENT NEWS →

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

This field is for validation purposes and should be left unchanged.

SOLUTIONS BY CHALLENGE

SOLUTIONS BY INDUSTRY

ABOUT VUMETRIC

Vumetric is an ISO9001-certified company offering penetration testing services, security audits and specialized cybersecurity services. Our clients include S&P 500 companies, SMEs and government agencies.

Stay Updated on Cyber Risks

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.

Got an Urgent Need?

1-877-805-7475

Toronto

130 King St W, 1800
Toronto, ON, Canada M5X 1K6

647-499-6652

Quebec

825 blvd. Lebourgneuf, 214
Quebec, QC, Canada G2J 0B9

418-800-0147

New York

1177 Av. of the Americas, 5th Floor
New York, NY, 10036, USA

1-877-805-7475

Have a Question?

CONTACT US

© 2022 Vumetric Inc. All Rights Reserved.

Twitter Linkedin-in Facebook-f Rss

Privacy Policy    |    Contact Us    |    About

SOUMISSION
SOUMISSION
Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

This site is registered on wpml.org as a development site.