Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:288E3CA7-1388-488A-81D9-E93EDFFAA221
HistoryOct 18, 2022 - 12:00 a.m.

CVE-2022-40684

2022-10-1800:00:00
attackerkb.com
669

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.7%

JSON

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Recent assessments:

rbowes-r7 at October 14, 2022 9:39pm UTC reported:

A vulnerability lets you send requests to the backend API service that appear to be coming from a trusted frontend application. As a result, you can call any REST API without authentication, which is pretty bad considering this is a security appliance.

carlosevieira at October 10, 2022 5:26pm UTC reported:

A vulnerability lets you send requests to the backend API service that appear to be coming from a trusted frontend application. As a result, you can call any REST API without authentication, which is pretty bad considering this is a security appliance.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

Related

rapid7blog 8
securelist 2
thn 30
prion 4
cnvd 2
osv 1
fortinet 2
attackerkb 5
nessus 6
cve 4
githubexploit 88
cisa_kev 4
hivepro 4
hackread 1
nuclei 2
krebs 1
wordfence 1
zdt 3
packetstorm 7
checkpoint_advisories 2
metasploit 3
qualysblog 1
exploitdb 2
cisa 2
malwarebytes 2
ics 1
threatpost 2
f5 1
saint 2
wallarmlab 2
trellix 4
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-10-21 17:31:54
CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability
2023-06-12 18:16:52
[Security Nation] James Kettle of PortSwigger on Advancing Web-Attack Research
2022-10-12 18:05:46
securelist
securelist
Advanced threat predictions for 2023
2022-11-14 08:00:24
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
2022-10-13 08:00:21
thn
thn
Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
2023-04-04 13:16:00
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets
2023-07-03 09:38:00
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users
2023-07-06 18:06:00
prion
prion
Design/Logic Flaw
2022-09-26 02:15:00
Heap overflow
2023-06-13 09:15:00
Authentication flaw
2022-10-18 14:15:00
cnvd
cnvd
Zimbra Collaboration Suite Remote Code Execution Vulnerability
2022-09-28 00:00:00
F5 BIG-IP iControl REST Authentication Bypass Vulnerability
2022-05-07 00:00:00
osv
osv
CVE-2022-41352
2022-09-26 02:15:10
fortinet
fortinet
Protect
2023-06-12 00:00:00
Protect
2022-10-10 00:00:00
attackerkb
attackerkb
CVE-2023-27997
2023-06-13 00:00:00
CVE-2022-1388
2022-05-04 00:00:00
CVE-2023-2868
2023-07-05 00:00:00
nessus
nessus
Fortinet Fortigate - Heap buffer overflow in sslvpn pre-authentication (FG-IR-23-097)
2023-06-12 00:00:00
Fortinet Fortigate Authentication Bypass (FG-IR-22-377)
2022-10-07 00:00:00
F5 BIG-IP RCE (CVE-2022-1388)
2022-05-09 00:00:00
cve
cve
CVE-2023-27997
2023-06-13 09:15:16
CVE-2022-41352
2022-09-26 02:15:00
CVE-2022-40684
2022-10-18 14:15:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K
2023-06-16 03:25:19
Exploit for Path Traversal in Zimbra Collaboration
2022-10-10 13:04:34
Exploit for Path Traversal in Zimbra Collaboration
2022-11-11 20:58:08
cisa_kev
cisa_kev
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
2022-10-20 00:00:00
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
2023-06-13 00:00:00
Fortinet Multiple Products Authentication Bypass Vulnerability
2022-10-11 00:00:00
hivepro
hivepro
Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite
2022-10-11 07:28:31
Vulnerability in Fortinet allows authentication bypass
2022-10-11 07:22:07
Threat Actors launch a campaign to exploit vulnerability in Fortinet
2022-10-28 08:52:38
hackread
hackread
Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs
2022-11-28 20:17:04
nuclei
nuclei
Fortinet - Authentication Bypass
2022-10-14 09:09:38
F5 BIG-IP iControl - REST Auth Bypass RCE
2022-05-09 07:53:05
krebs
krebs
CISA Order Highlights Persistent Risk at Network Edge
2023-06-15 15:40:09
wordfence
wordfence
Threat Advisory: CVE-2022-40684 Fortinet Appliance Auth bypass
2022-10-13 21:08:36
zdt
zdt
FortiOS FortiProxy FortiSwitchManager v7.2.1 - Authentication Bypass Vulnerability
2023-03-27 00:00:00
Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass Exploit
2022-10-19 00:00:00
Zimbra Collaboration Suite TAR Path Traversal Exploit
2022-10-21 00:00:00
packetstorm
packetstorm
Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass
2022-10-19 00:00:00
Fortinet 7.2.1 Authentication Bypass
2023-03-27 00:00:00
F5 BIG-IP 16.0.x Remote Code Execution
2022-05-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Fortinet Multiple Products Authentication Bypass (CVE-2022-40684)
2022-10-23 00:00:00
F5 BIG-IP Remote Code Execution (CVE-2021-22986; CVE-2021-22987; CVE-2022-1388)
2021-03-22 00:00:00
metasploit
metasploit
Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.
2022-10-14 20:19:43
F5 BIG-IP iControl RCE via REST Authentication Bypass
2022-05-11 21:43:00
TAR Path Traversal in Zimbra (CVE-2022-41352)
2022-10-06 17:23:53
qualysblog
qualysblog
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
exploitdb
exploitdb
FortiOS, FortiProxy, FortiSwitchManager v7.2.1 - Authentication Bypass
2023-03-27 00:00:00
F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
2022-05-12 00:00:00
cisa
cisa
Threat Actors Exploiting F5 BIG IP CVE-2022-1388
2022-05-18 00:00:00
F5 Releases Security Advisories Addressing Multiple Vulnerabilities
2022-05-04 00:00:00
malwarebytes
malwarebytes
F5 BIG-IP vulnerability is now being used to disable servers
2022-05-12 12:51:25
Update now! F5 BIG-IP vulnerability being actively exploited
2022-05-09 15:39:17
ics
ics
Threat Actors Exploiting F5 BIG-IP CVE-2022-1388
2022-10-12 12:00:00
threatpost
threatpost
F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems
2022-05-05 12:48:08
Hackers Actively Exploit F5 BIG-IP Bug
2022-05-10 12:35:15
f5
f5
K23605346 : BIG-IP iControl REST vulnerability CVE-2022-1388
2022-05-04 00:00:00
saint
saint
F5 BIG-IP iControl REST vulnerability
2022-05-13 00:00:00
F5 BIG-IP iControl REST vulnerability
2022-05-13 00:00:00
wallarmlab
wallarmlab
CVE-2022-1388: Critical security vulnerabilities in F5 Big-IP allows attackers to execute arbitrary code
2022-05-06 17:06:26
API Vulnerabilities Jump Up 3.7x in Q2-2022
2022-07-28 07:38:27
trellix
trellix
The Bug Report - June 2023 Edition
2023-07-05 00:00:00
The Bug Report - June 2023 Edition
2023-07-05 00:00:00
The Bug Report – May 2022 Edition
2022-06-01 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.7%

JSON
Related for AKB:288E3CA7-1388-488A-81D9-E93EDFFAA221
rapid7blog8securelist2thn30prion4cnvd2osv1fortinet2attackerkb5nessus6cve4githubexploit88cisa_kev4hivepro4hackread1nuclei2krebs1wordfence1zdt3packetstorm7checkpoint_advisories2metasploit3qualysblog1exploitdb2cisa2malwarebytes2ics1threatpost2f51saint2wallarmlab2trellix4