On 3rd October Fortinet issued an advisory to its customers to update their products to the latest version, as most of the products from Fortinet are found to be vulnerable to Remote authentication vulnerability, with the exploitation of the vulnerability the threat actor can gain access to the administrative interface of the vulnerable products.

The exploitation of the vulnerability is seen in the wild and Fortinet is aware of the exploitation of this vulnerability, it was found to be the threat actor crafts the http/https request to exploit the vulnerability, the weakness associated in the product is CWE-288 (Authentication Bypass Using an Alternate Path or Channel).

The vulnerability was classified as CVE-2022-40684 in the Common Vulnerability and exposures vulnerability database, which has a severity of “Critical” and a vulnerability score of 9.6 as per CVSS v3.1(Common vulnerability scoring system).

Vulnerable Products

  • FortiOS : 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
  • FortiProxy : 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
  • FortiSwitchManager : 7.2.0, 7.0.0


Upgrade to,

  • FortiOS version 7.2.2 or above
  • FortiOS version 7.0.7 or above
  • FortiProxy version 7.2.1 or above
  • FortiProxy version 7.0.7 or above
  • FortiSwitchManager version 7.2.1 or above

Follow the remediation steps provided from the below link,




Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at