An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6, and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2022-40684 | Fortinet Multiple Products Authentication Bypass Vulnerability | primary_impact | T1098.004 | SSH Authorized Keys | Comments: This authentication bypass vulnerability allows an adversary to create an admin ssh key via any HTTP method. |
CVE-2022-40684 | Fortinet Multiple Products Authentication Bypass Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | Comments: This authentication bypass vulnerability allows an adversary to create an admin ssh key via any HTTP method. |