An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-10-18T00:00:00
Updated: 2024-08-03T12:21:46.541Z
Reserved: 2022-09-14T00:00:00
Link: CVE-2022-40684
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-10-18T14:15:09.747
Modified: 2024-06-28T13:57:03.760
Link: CVE-2022-40684
Redhat
No data.