Unrated severity · CISA KEV · NVD Advisory · Published Oct 18, 2022 · Updated Jan 12, 2026
CVE-2022-40684
Description
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6, and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Affected products (4)
7.0.0, 7.2.0 + 1 more
- (no CPE) range: 7.0.0, 7.2.0
- (no CPE) range: FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiSwitchManager 7.2.0, 7.0.0
- Range: 7.0.0 - 7.0.6, 7.2.0
Patches
Vulnerability mechanics
References (3)
News mentions (2)
- New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks · The Hacker News · Jun 26, 2026
- StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader · Securelist · Jun 24, 2026