CVE-2022-40684
Fortinet / Multiple Products
Ransomware campaign
Added 2022-10-11
Due 2022-11-01
Fortinet Multiple Products Authentication Bypass Vulnerability
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Required action
Apply updates per vendor instructions.
Notes: https://www.fortiguard.com/psirt/FG-IR-22-377; https://nvd.nist.gov/vuln/detail/CVE-2022-40684
Metadata
| Added to KEV | 2022-10-11 |
| Remediation due | 2022-11-01 |
| Ransomware use | Known |
| CWEs | CWE-288 |
| Ingested | 2026-04-24 15:03:13 |
Cross-mesh regulatory overlay
If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.