Share
## https://sploitus.com/exploit?id=D7FAABC0-C6C7-55D7-B5DB-C0585EB16921
# CVE-2022-40684
CVE-2022-40684 Remote Fortinet Code Exeuction vulnerability

![CVE-2022-40684](fortinet.jpg?raw=true "CVE-2022-40684")


## CVE description

On October 7, public reports began to circulate that Fortinet communicated directly with customers about a critical vulnerability in its FortiOS and FortiProxy products. This vulnerability, CVE-2022-40684, has been patched, but Fortinet has not released a full advisory yet via its Product Security Incident Response Team. 

Fortinet usually follows a monthly release schedule for security advisories on the second Tuesday of every month, the same day as Microsoft’s Patch Tuesday. At the time this blog post was originally published, it remained to be seen whether Fortinet was going to follow the same schedule for the CVE-2022-40684 advisory. 

## Who is vulnerable?
Tested vulnerable hosts:
FortiOS versions: 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
FortiProxy versions: 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
FortiSwitchManager versions: 7.2.0, 7.0.0


## CVE-2022-40684 download exploit
As mentioned at the beginning, CVE-2022-40684 was given such a high CVSS score because it is remote code execution. This means it can go unnoticed by the user and potentially by the security team as well. Such a powerfull tool should not be fully public, there is strictly only a few copies available so a REAL researcher can use it:  https://satoshidisk[.]com/pay/CGdk3X

This should attract attention to importance of cyber security, it can be tempting to ignore, or palm it off to the IT team. But both of these options can leave you susceptible to real and damaging risks. Do NOT resell or leak this PoC or you can be at risk of breaking the law.


## Patching
There are currently no patches from Microsoft or Fortinet.

## Detection
Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device's logs:
user="Local_Process_Access"

## Mitigation
You should upgrade your Fortinet appliances to a firmware version with the fixes:
FortiOS version 7.2.2 or above, or version 7.0.7 or above
FortiProxy version 7.2.1 or above, or 7.0.7 or above
FortiSwitchManager version 7.2.1 or above

## Disclamer

This project is intended for educational purposes only and cannot be used for law violation or personal gain.
The authors of this project is not responsible for any damages caused by direct or indirect use of the information or functionality provided by those script.