Known Exploited Vulnerabilities CVE-2022-40684 Mappings

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2022-40684 | Fortinet Multiple Products Authentication Bypass Vulnerability | primary_impact | T1098.004 | SSH Authorized Keys | |
| CVE-2022-40684 | Fortinet Multiple Products Authentication Bypass Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |