CVE-2022-40684

Description

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

POC

Reference

- http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html

- http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0xMarcio/cve

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/sectool

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/AlgoSecure/2025-fortigate-leak-checker

- https://github.com/Andromeda254/cve

- https://github.com/Anthony1500/CVE-2022-40684

- https://github.com/Bendalledj/CVE-2022-40684

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Chocapikk/CVE-2022-40684

- https://github.com/ClickCyber/cve-2022-40684

- https://github.com/DR0p1ET404/ABNR

- https://github.com/Filiplain/Fortinet-PoC-Auth-Bypass

- https://github.com/GhostTroops/TOP

- https://github.com/Grapphy/fortipwn

- https://github.com/HAWA771/CVE-2022-40684

- https://github.com/Henry4E36/POCS

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/Kaulesh01/File-Upload-CTF

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/NeriaBasha/CVE-2022-40684

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Rofell0s/Fortigate-Leak-CVE-2022-40684

- https://github.com/Sincan2/fortinet

- https://github.com/SnailDev/github-hot-hub

- https://github.com/TaroballzChen/CVE-2022-40684-metasploit-scanner

- https://github.com/Threekiii/Awesome-POC

- https://github.com/XRSec/AWVS-Update

- https://github.com/XalfiE/Fortigate-Belsen-Leak-Dump-CVE-2022-40684-

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/Yami0x777/Belsen_Group-et-exploitation-de-la-CVE-2022-40684

- https://github.com/aneasystone/github-trending

- https://github.com/arsolutioner/fortigate-belsen-leak

- https://github.com/bigblackhat/oFx

- https://github.com/carlosevieira/CVE-2022-40684

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/dkstar11q/CVE-2022-40684

- https://github.com/fastmo/CVE-2022-28672

- https://github.com/gustavorobertux/gotigate

- https://github.com/hackingyseguridad/nmap

- https://github.com/hakrishi/stars

- https://github.com/hktalent/TOP

- https://github.com/horizon3ai/CVE-2022-40684

- https://github.com/hughink/CVE-2022-40684

- https://github.com/iveresk/CVE-2022-40684

- https://github.com/izj007/wechat

- https://github.com/jsongmax/Fortinet-CVE-2022-40684

- https://github.com/k0mi-tg/Bug-bounty

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/k8gege/Ladon

- https://github.com/karimhabush/cyberowl

- https://github.com/kljunowsky/CVE-2022-40684-POC

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/lit1numyt/docker-pentest_victim

- https://github.com/lonnyzhang423/github-hot-hub

- https://github.com/m0ox/Bug-bounty

- https://github.com/manas3c/Bug-bounty

- https://github.com/manas3c/CVE-POC

- https://github.com/mhd108/CVE-2022-40684

- https://github.com/mjutsu/Bug-bounty

- https://github.com/mohamedbenchikh/CVE-2022-40684

- https://github.com/murchie85/twitterCyberMonitor

- https://github.com/mustafaaltinkaya/fortigate-belsen-leak-IP-comparison

- https://github.com/niklasmato/Fortinet-leak-q1-2025

- https://github.com/niklasmato/fortileak-01-2025-Be

- https://github.com/nitish778191/fitness_app

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/notareaperbutDR34P3r/CVE-2022-40684-Rust

- https://github.com/oxmanasse/Bug-bounty

- https://github.com/puckiestyle/CVE-2022-40684

- https://github.com/qingsiweisan/CVE-2022-40684

- https://github.com/rey6221/fortigate-belsen-leak-with-location

- https://github.com/rxerium/stars

- https://github.com/secunnix/CVE-2022-40684

- https://github.com/sponkmonk/Ladon_english_update

- https://github.com/sug4r-wr41th/FortiGate-belsen-group-leak-IP-enricher

- https://github.com/tadmaddad/fortidig

- https://github.com/und3sc0n0c1d0/CVE-2022-40684

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whoforget/CVE-POC

- https://github.com/williamkhepri/CVE-2022-40687-metasploit-scanner

- https://github.com/youwizard/CVE-POC

- https://github.com/z-bool/CVE-2022-40684

- https://github.com/zapstiko/Bug-Bounty

- https://github.com/zhanpengliu-tencent/medium-cve