CVE-2022-40684

Vulnerability updated 7 months ago (2024-05-04T16:49:19.992Z)
Download STIX
Preview STIX
CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorized access to sensitive information. The issue was first noticed when cybercriminals exploited this vulnerability in October 2022, which led to severe breaches in network security. The exploitation of CVE-2022-40684 has been linked to a series of cyber attacks, primarily conducted by the Earth Lusca group. These threat actors leveraged the vulnerability for initial access into networks, often selling this access to other cybercriminals for further malicious activity. This campaign has significantly utilized this older Fortinet flaw, highlighting its ongoing potential for exploitation if left unaddressed. Alongside CVE-2022-40684, Earth Lusca also exploits several other critical vulnerabilities related to remote code execution, including CVE-2022-39952, CVE-2021-22205, CVE-2019-18935, CVE-2019-9670, and CVE-2019-9621. These vulnerabilities, when combined with the authentication bypass provided by CVE-2022-40684, pose a significant risk to network security, emphasizing the need for prompt patching and updates to mitigate these threats.
Description last updated: 2024-03-15T01:16:12.040Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Fortinet
Vulnerability
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Volt Typhoon Threat Actor is associated with CVE-2022-40684. Volt Typhoon, a cyberespionage cluster sponsored by China, has emerged as a significant threat actor in the cybersecurity landscape. Known for its strong operational security and obfuscation of malware, Volt Typhoon is both a resilient botnet and a warning signal of potential critical infrastructureUnspecified
2
The Earth Lusca Threat Actor is associated with CVE-2022-40684. Earth Lusca, a threat actor believed to be part of the China-backed Winnti collective, has been active since at least 2019 and is known for its cyber-espionage activities. The group primarily targets government organizations in Asia, Latin America, and other regions. Recently, it has expanded its arUnspecified
2
Source Document References
Information about the CVE-2022-40684 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
DARKReading
8 months ago
DARKReading
8 months ago
CERT-EU
9 months ago
Recorded Future
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
DARKReading
a year ago
Securityaffairs
a year ago
Trend Micro
a year ago
CISA
a year ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
DARKReading
a year ago
Recorded Future
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
Unit42
2 years ago