An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Metrics
Affected Vendors & Products
References
History
Wed, 23 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-10-18T00:00:00
Updated: 2024-10-23T13:28:36.659Z
Reserved: 2022-09-14T00:00:00
Link: CVE-2022-40684
Vulnrichment
Updated: 2024-08-03T12:21:46.541Z
NVD
Status : Modified
Published: 2022-10-18T14:15:09.747
Modified: 2024-11-21T07:21:51.170
Link: CVE-2022-40684
Redhat
No data.