CVE-2022-40684

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorized access to sensitive information. The issue was first noticed when cybercriminals exploited this vulnerability in October 2022, which led to severe breaches in network security. The exploitation of CVE-2022-40684 has been linked to a series of cyber attacks, primarily conducted by the Earth Lusca group. These threat actors leveraged the vulnerability for initial access into networks, often selling this access to other cybercriminals for further malicious activity. This campaign has significantly utilized this older Fortinet flaw, highlighting its ongoing potential for exploitation if left unaddressed. Alongside CVE-2022-40684, Earth Lusca also exploits several other critical vulnerabilities related to remote code execution, including CVE-2022-39952, CVE-2021-22205, CVE-2019-18935, CVE-2019-9670, and CVE-2019-9621. These vulnerabilities, when combined with the authentication bypass provided by CVE-2022-40684, pose a significant risk to network security, emphasizing the need for prompt patching and updates to mitigate these threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Fortinet
Espionage
Remote Code ...
exploited
Exploit
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Volt TyphoonUnspecified
2
Volt Typhoon, a China-linked Advanced Persistent Threat (APT) group, has been identified as a significant threat actor in the realm of cybersecurity. Known for their strong operational security and obfuscation techniques, Volt Typhoon has managed to remain undetected within US infrastructure for sev
Earth LuscaUnspecified
2
Earth Lusca is a threat actor, an entity responsible for executing actions with malicious intent in the cybersecurity realm. The group has recently expanded its arsenal by incorporating a new tool known as SprySOCKS Linux malware. This development poses a significant threat to Linux systems worldwid
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2022-39952Unspecified
1
CVE-2022-39952 is a critical vulnerability in Fortinet's network access control suite, FortiNAC. This flaw, which resides in the software design or implementation, could lead to arbitrary code execution, posing a severe threat to network security. The vulnerability was identified and addressed by Fo
CVE-2021-22205Unspecified
1
CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues t
CVE-2019-18935Unspecified
1
CVE-2019-18935 is a .NET deserialization vulnerability in the Progress Telerik user interface (UI) for ASP.NET AJAX, located in Microsoft's Internet Information Services (IIS) web server. This flaw in software design or implementation was exploited by multiple cyber threat actors, including an Advan
CVE-2019-9670Unspecified
1
None
CVE-2019-9621Unspecified
1
None
Earth Lusca Earth LuscaUnspecified
1
None
Proxyshell Cve-2021-34473Unspecified
1
ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that perform unauthenticated remote code execution (RCE) in Microsoft Exchange. Identified as a significant flaw in software design or implementation, it allows unauthorized users to execute arbitra
Source Document References
Information about the CVE-2022-40684 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
3 months ago
Fortinet Warns of Yet Another Critical RCE Flaw
Unit42
a year ago
Network Security Trends: August-October 2022
Recorded Future
a year ago
Fortinet CVE-2023-27997: Impact and Mitigation Techniques
DARKReading
9 months ago
China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
CSO Online
a year ago
Stolen credentials increasingly empower the cybercrime underground
Recorded Future
6 months ago
Fortinet CVE-2023-27997: Impact and Mitigation Techniques
DARKReading
3 months ago
Patch Now: Critical Fortinet RCE Bug Under Active Attack
CERT-EU
4 months ago
Sensor Intel Series: Top CVEs in December 2023
CERT-EU
a year ago
Researchers Develop Exploit Code for Critical Fortinet VPN Bug
CERT-EU
a year ago
Fortinet releases security advisory for critical heap-based overflow vulnerability
CERT-EU
a year ago
Sensor Intel Series: Top CVEs in February 2023 | F5 Labs
CERT-EU
a year ago
Sensor Intel Series: Top CVEs in April 2023 | F5 Labs
Securityaffairs
a year ago
Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls
CERT-EU
a year ago
Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks
Trend Micro
9 months ago
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Securityaffairs
9 months ago
Earth Lusca expands its arsenal with SprySOCKS Linux malware
DARKReading
a year ago
Fortinet: Patched Critical Flaw May Have Been Exploited
DARKReading
a year ago
Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway
CISA
10 months ago
2022 Top Routinely Exploited Vulnerabilities | CISA
CERT-EU
7 months ago
Sensor Intel Series: Top CVEs in October 2023