exploitdb
WORKING POC
by ub3rsick · python · remote · windows
https://www.exploit-db.com/exploits/52239
This Metasploit module exploits an authentication bypass vulnerability (CVE-2022-40684) in Fortinet FortiOS, FortiProxy, and FortiSwitchManager to add an SSH key to a target user's authorized_keys file, enabling remote access. It leverages a flawed API endpoint to bypass authentication and manipulate user configurations.
Classification
Working Poc 95%
Target:
Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 and earlier
No auth needed
Prerequisites:
Network access to the target device · SSH service running on the target · API endpoint exposed
exploitdb
WORKING POC
by Felipe Alcantara · bash · webapps · multiple
https://www.exploit-db.com/exploits/51092
This script exploits an authentication bypass vulnerability in Fortinet products by sending a crafted HTTP request to the API endpoint. It checks for vulnerability by dumping system information and saves the output if successful.
Classification
Working Poc 95%
Target:
FortiOS (7.2.0-7.2.1, 7.0.0-7.0.6), FortiProxy (7.2.0, 7.0.0-7.0.6), FortiSwitchManager (7.2.0, 7.0.0)
No auth needed
Prerequisites:
Network access to the target · Target running vulnerable Fortinet software
nomisec
WORKING POC
355 stars
by horizon3ai · remote
https://github.com/horizon3ai/CVE-2022-40684
This PoC exploits CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager, to add an SSH key for a specified user. It sends a crafted PUT request to the target API endpoint with a manipulated 'Forwarded' header to bypass authentication.
Classification
Working Poc 100%
Target:
Fortinet FortiOS, FortiProxy, and FortiSwitchManager
No auth needed
Prerequisites:
Target IP address · Username to add SSH key for · SSH public key file
nomisec
WORKING POC
87 stars
by carlosevieira · remote
https://github.com/carlosevieira/CVE-2022-40684
This PoC exploits an authentication bypass vulnerability in Fortinet FortiOS/FortiProxy via crafted HTTP headers to extract admin user details and LDAP configuration. It performs read-only actions without requiring authentication.
Classification
Working Poc 95%
Target:
Fortinet FortiOS/FortiProxy (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Network access to the target · Target running vulnerable FortiOS/FortiProxy
nomisec
WRITEUP
86 stars
by arsolutioner · poc
https://github.com/arsolutioner/fortigate-belsen-leak
This repository provides information and resources related to CVE-2022-40684, an authentication bypass vulnerability in Fortinet products. It includes a list of affected IPs and references for defensive research purposes.
Classification
Writeup 100%
Target:
FortiOS, FortiProxy, FortiSwitchManager
No auth needed
Prerequisites:
Publicly disclosed list of affected IPs
nomisec
WORKING POC
16 stars
by Filiplain · remote
https://github.com/Filiplain/Fortinet-PoC-Auth-Bypass
This repository contains a Bash script PoC for CVE-2022-40684, an authentication bypass vulnerability in Fortinet devices. The script sends a crafted HTTP request to dump system information by exploiting improper header handling.
Classification
Working Poc 95%
Target:
Fortinet FortiOS, FortiProxy, and FortiSwitchManager
No auth needed
Prerequisites:
Network access to the target device · Port 8443 (or custom port) accessible
nomisec
WORKING POC
15 stars
by kljunowsky · remote
https://github.com/kljunowsky/CVE-2022-40684-POC
This PoC exploits CVE-2022-40684, an authentication bypass vulnerability in FortiProxy/FortiOS, by sending a crafted PUT request to add an SSH public key to an arbitrary admin account. The script automates the process for multiple targets and usernames.
Classification
Working Poc 95%
Target:
FortiProxy / FortiOS
No auth needed
Prerequisites:
List of target URLs · List of usernames · SSH public key file
nomisec
WORKING POC
14 stars
by TaroballzChen · remote
https://github.com/TaroballzChen/CVE-2022-40684-metasploit-scanner
This is a Metasploit auxiliary module for scanning and exploiting CVE-2022-40684, an authentication bypass vulnerability in Fortinet products. It attempts to bypass authentication via crafted HTTP headers and retrieves sensitive information such as LDAP configurations and admin user details.
Classification
Working Poc 95%
Target:
Fortinet FortiOS (7.2.0-7.2.1, 7.0.0-7.0.6), FortiProxy (7.2.0, 7.0.0-7.0.6), FortiSwitchManager (7.2.0, 7.0.0)
No auth needed
Prerequisites:
Network access to the target Fortinet device · HTTP/HTTPS access to the administrative interface
nomisec
WORKING POC
11 stars
by hughink · remote
https://github.com/hughink/CVE-2022-40684
This repository provides a proof-of-concept for CVE-2022-40684, an authentication bypass vulnerability in Fortinet products. It includes HTTP requests to exploit the vulnerability by manipulating headers to bypass authentication and add an SSH public key to an admin user.
Classification
Working Poc 90%
Target:
FortiOS 7.2.0-7.2.1, 7.0.0-7.0.6; FortiProxy 7.2.0, 7.0.0-7.0.6; FortiSwitchManager 7.2.0, 7.0.0
No auth needed
Prerequisites:
Network access to the target Fortinet device · Knowledge of the target's management interface
nomisec
WORKING POC
9 stars
by qingsiweisan · remote
https://github.com/qingsiweisan/CVE-2022-40684
This PoC exploits CVE-2022-40684, an authentication bypass vulnerability in FortiGate devices, by uploading an SSH public key to gain unauthorized access. The script supports both single-target and batch exploitation via a list of hosts.
Classification
Working Poc 95%
Target:
FortiGate (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
SSH public key file · Target IP/port or list of hosts
nomisec
WORKING POC
6 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2022-40684
This PoC exploits CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager. It adds an SSH key to a specified user account, allowing remote access without authentication.
Classification
Working Poc 95%
Target:
Fortinet FortiOS (7.0.0-7.0.6, 7.2.0-7.2.1), FortiProxy (7.0.0-7.0.6, 7.2.0), FortiSwitchManager (7.0.0, 7.2.0)
No auth needed
Prerequisites:
Network access to the target device · SSH public key for the attacker
nomisec
WORKING POC
5 stars
by z-bool · remote
https://github.com/z-bool/CVE-2022-40684
This PoC exploits CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager. It enumerates admin usernames and LDAP configurations, then writes an SSH public key to a specified user account for persistent access.
Classification
Working Poc 95%
Target:
Fortinet FortiOS, FortiProxy, FortiSwitchManager (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Network access to the target device · SSH public key file
nomisec
WORKING POC
5 stars
by secunnix · remote
https://github.com/secunnix/CVE-2022-40684
This Rust-based PoC exploits CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager. It sends a crafted HTTP request with specific headers to check for vulnerability by analyzing the response status and content.
Classification
Working Poc 90%
Target:
Fortinet FortiOS, FortiProxy, and FortiSwitchManager
No auth needed
Prerequisites:
Network access to the target system · Target system running vulnerable Fortinet software
nomisec
WORKING POC
4 stars
by und3sc0n0c1d0 · infoleak
https://github.com/und3sc0n0c1d0/CVE-2022-40684
This PoC exploits CVE-2022-40684, an authentication bypass vulnerability in FortiOS/FortiProxy/FortiSwitchManager, to enumerate user accounts via an unauthenticated API endpoint. It sends a crafted HTTP request with specific headers to retrieve administrative user details.
Classification
Working Poc 95%
Target:
FortiOS / FortiProxy / FortiSwitchManager (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Network access to the target's administrative interface · Target must be vulnerable to CVE-2022-40684
nomisec
WORKING POC
4 stars
by xtwip · poc
https://github.com/xtwip/fortipwn
This is a Rust-based exploit for CVE-2022-40684, an authentication bypass vulnerability in FortiOS. It uploads an SSH public key to the target system, allowing an attacker to log in as admin via SSH.
Classification
Working Poc 95%
Target:
FortiOS (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Network access to the target FortiOS device · Valid SSH public key
nomisec
WORKING POC
2 stars
by gustavorobertux · remote
https://github.com/gustavorobertux/gotigate
This Go-based exploit targets CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS/FortiProxy. It sends a crafted HTTP request with manipulated headers to bypass authentication and retrieve admin user data.
Classification
Working Poc 95%
Target:
Fortinet FortiOS/FortiProxy
No auth needed
Prerequisites:
Network access to the target Fortinet device
nomisec
WORKING POC
2 stars
by jsongmax · remote
https://github.com/jsongmax/Fortinet-CVE-2022-40684
This repository contains a Go-based exploit for CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager. The exploit adds an SSH public key to a specified user account, allowing unauthorized access.
Classification
Working Poc 95%
Target:
Fortinet FortiOS, FortiProxy, and FortiSwitchManager (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Network access to the target device · Valid SSH public key file
nomisec
WORKING POC
2 stars
by HAWA771 · remote
https://github.com/HAWA771/CVE-2022-40684
This repository contains a functional exploit for CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager. The exploit adds an SSH key to a specified user account, allowing remote access without authentication.
Classification
Working Poc 95%
Target:
Fortinet FortiOS (7.0.0-7.0.6, 7.2.0-7.2.1), FortiProxy (7.0.0-7.0.6, 7.2.0), FortiSwitchManager (7.0.0, 7.2.0)
No auth needed
Prerequisites:
Network access to the target device · SSH public key for the attacker
nomisec
WRITEUP
1 star
by XalfiE · poc
https://github.com/XalfiE/Fortigate-Belsen-Leak-Dump-CVE-2022-40684-
This repository contains a README describing a script to extract passwords from a specific file format related to CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS. The script processes 'vpn-passwords.txt' files, filtering out banners and extracting passwords.
Classification
Writeup 90%
Target:
Fortinet FortiOS (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Access to files containing leaked VPN credentials
nomisec
WORKING POC
1 star
by iveresk · remote
https://github.com/iveresk/CVE-2022-40684
This PoC exploits CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager. It adds an SSH key to the specified user (default: admin) by sending a crafted HTTP PUT request with a manipulated 'Forwarded' header.
Classification
Working Poc 95%
Target:
Fortinet FortiOS, FortiProxy, FortiSwitchManager
No auth needed
Prerequisites:
Network access to the target · SSH key file for injection
nomisec
WORKING POC
1 star
by NeriaBasha · remote
https://github.com/NeriaBasha/CVE-2022-40684
This PowerShell script exploits CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS. It sends a crafted HTTP request to the FortiGate API endpoint to extract admin user details and system information without authentication.
Classification
Working Poc 95%
Target:
Fortinet FortiOS
No auth needed
Prerequisites:
Network access to the FortiGate management interface
nomisec
WORKING POC
by pintukumar-sutradhar · remote
https://github.com/pintukumar-sutradhar/fortigate-cve-2022-40684-tool
This repository contains a functional Python tool that exploits CVE-2022-40684, an authentication bypass vulnerability in FortiGate/FortiOS devices. The tool can detect vulnerability, enumerate users, and dump configurations via exposed CMDB API endpoints.
Classification
Working Poc 95%
Target:
FortiGate/FortiOS
No auth needed
Prerequisites:
Python 3.x · requests library · prettytable library · network access to target FortiGate device
nomisec
WORKING POC
by ccordeiro · poc
https://github.com/ccordeiro/CVE-2022-40684
This PoC exploits an authentication bypass vulnerability in Fortinet FortiOS/FortiProxy via crafted HTTP headers to extract admin user details and LDAP configuration. It performs read-only actions without requiring authentication.
Classification
Working Poc 95%
Target:
Fortinet FortiOS/FortiProxy (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Network access to the target · Target running vulnerable Fortinet FortiOS/FortiProxy
nomisec
SCANNER
by Yami0x777 · poc
https://github.com/Yami0x777/Belsen_Group-et-exploitation-de-la-CVE-2022-40684
This repository contains a Python script designed to scan and analyze leaked FortiGate configuration files and VPN credentials, likely obtained via exploitation of CVE-2022-40684. It extracts IPs, emails, versions, and indicators of compromise (IOCs) from the files.
Classification
Scanner 90%
Target:
FortiGate (various versions)
No auth needed
Prerequisites:
Access to leaked FortiGate configuration files and VPN credentials
nomisec
WORKING POC
by Anthony1500 · remote
https://github.com/Anthony1500/CVE-2022-40684
This PoC exploits CVE-2022-40684, an authentication bypass vulnerability in FortiGate devices. It leverages HTTP header manipulation to access sensitive endpoints and leak admin and LDAP configuration data.
Classification
Working Poc 95%
Target:
FortiGate 7.0.0-7.0.6, 7.2.0-7.2.1
No auth needed
Prerequisites:
Network access to the target FortiGate device
nomisec
WORKING POC
by notareaperbutDR34P3r · remote
https://github.com/notareaperbutDR34P3r/CVE-2022-40684-Rust
This Rust-based PoC exploits CVE-2022-40684, an authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager. It adds an SSH public key to a specified user account via an unauthenticated API endpoint, enabling remote access.
Classification
Working Poc 95%
Target:
FortiOS, FortiProxy, FortiSwitchManager (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Network access to the target device · Valid SSH public key file
nomisec
WORKING POC
by puckiestyle · remote
https://github.com/puckiestyle/CVE-2022-40684
This PoC exploits an authentication bypass vulnerability (CVE-2022-40684) in Fortinet FortiOS, FortiProxy, and FortiSwitchManager to add an SSH key for a specified user, allowing unauthorized access.
Classification
Working Poc 100%
Target:
Fortinet FortiOS, FortiProxy, and FortiSwitchManager
No auth needed
Prerequisites:
Target IP address · Username to add SSH key for · SSH public key file
nomisec
WORKING POC
by dkstar11q · poc
https://github.com/dkstar11q/CVE-2022-40684
This is a functional exploit for CVE-2022-40684, an authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager. It allows an attacker to add an SSH key to the admin account or enumerate user and LDAP configuration details.
Classification
Working Poc 95%
Target:
FortiOS, FortiProxy, FortiSwitchManager (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Network access to the target device · SSH key file for the attack mode
nomisec
WORKING POC
by ClickCyber · remote
https://github.com/ClickCyber/cve-2022-40684
This exploit targets CVE-2022-40684, an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager. It adds an SSH public key to a specified user account via an unauthenticated HTTP PUT request, enabling remote access.
Classification
Working Poc 95%
Target:
Fortinet FortiOS, FortiProxy, FortiSwitchManager (versions affected by CVE-2022-40684)
No auth needed
Prerequisites:
Network access to the target device · Valid SSH key file