VYPR
Unrated severity · CISA KEV · NVD Advisory · Published Oct 18, 2022 · Updated Jan 12, 2026

CVE-2022-40684

Description

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Affected products

4
  • Fortinet/Fortiswitchmanager (llm-fuzzy), 2 versions
    7.0.0, 7.2.0 + 1 more
    • (no CPE)range: 7.0.0, 7.2.0
    • (no CPE)range: FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiSwitchManager 7.2.0, 7.0.0
  • Range: 7.0.0 - 7.0.6, 7.2.0
  • Fortinet/Fortios (llm-fuzzy)
    Range: 7.0.0 - 7.0.6, 7.2.0 - 7.2.1
