CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Nov 1, 2022
High
CISA KEVRansomwareCVE-2022-40684
Fortinet—Multiple Products
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Required Action
https://www.fortiguard.com/psirt/FG-IR-22-377; https://nvd.nist.gov/vuln/detail/CVE-2022-40684
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Known
- Published
- Oct 11, 2022
- KEV Added
- Oct 11, 2022
- Due Date
- Nov 1, 2022
- Related Articles
- 0
Vendor
Fortinet
Multiple Products