Authentication Bypass via Alternate Path/Channel in Fortinet FortiOS, FortiProxy, and FortiSwitchManager

Authentication Bypass via Alternate Path/Channel in Fortinet FortiOS, FortiProxy, and FortiSwitchManager

CVE-2022-40684 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Learn more about our Cis Benchmark Audit For Apple Ios.