CVE-2022-40684

Vulnerability Profile Updated 3 months ago
Download STIX
Preview STIX
CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorized access to sensitive information. The issue was first noticed when cybercriminals exploited this vulnerability in October 2022, which led to severe breaches in network security. The exploitation of CVE-2022-40684 has been linked to a series of cyber attacks, primarily conducted by the Earth Lusca group. These threat actors leveraged the vulnerability for initial access into networks, often selling this access to other cybercriminals for further malicious activity. This campaign has significantly utilized this older Fortinet flaw, highlighting its ongoing potential for exploitation if left unaddressed. Alongside CVE-2022-40684, Earth Lusca also exploits several other critical vulnerabilities related to remote code execution, including CVE-2022-39952, CVE-2021-22205, CVE-2019-18935, CVE-2019-9670, and CVE-2019-9621. These vulnerabilities, when combined with the authentication bypass provided by CVE-2022-40684, pose a significant risk to network security, emphasizing the need for prompt patching and updates to mitigate these threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Fortinet
Remote Code ...
Exploit
exploited
Espionage
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Volt TyphoonUnspecified
2
Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra
Earth LuscaUnspecified
2
Earth Lusca, a threat actor known for its malicious activities in the cyber world, has recently expanded its arsenal with the addition of a new tool, SprySOCKS Linux malware. This development was reported by Security Affairs in October 2020. Earth Lusca can be an individual, a private company, or pa
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2022-39952Unspecified
1
CVE-2022-39952 is a critical vulnerability in Fortinet's network access control suite, FortiNAC. This flaw, which resides in the software design or implementation, could lead to arbitrary code execution, posing a severe threat to network security. The vulnerability was identified and addressed by Fo
CVE-2021-22205Unspecified
1
CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues t
CVE-2019-18935Unspecified
1
CVE-2019-18935 is a .NET deserialization vulnerability in the Progress Telerik user interface (UI) for ASP.NET AJAX, located in Microsoft's Internet Information Services (IIS) web server. This flaw in software design or implementation was exploited by multiple cyber threat actors, including an Advan
CVE-2019-9670Unspecified
1
None
CVE-2019-9621Unspecified
1
None
Earth Lusca Earth LuscaUnspecified
1
None
Proxyshell Cve-2021-34473Unspecified
1
ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that perform unauthenticated remote code execution (RCE) in Microsoft Exchange. Identified as a significant flaw in software design or implementation, it allows unauthorized users to execute arbitra
Source Document References
Information about the CVE-2022-40684 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
4 months ago
Patch Now: Critical Fortinet RCE Bug Under Active Attack
DARKReading
4 months ago
Fortinet Warns of Yet Another Critical RCE Flaw
CERT-EU
5 months ago
Sensor Intel Series: Top CVEs in December 2023
Recorded Future
7 months ago
Fortinet CVE-2023-27997: Impact and Mitigation Techniques
CERT-EU
8 months ago
Sensor Intel Series: Top CVEs in October 2023
CERT-EU
10 months ago
Sensor Intel Series: Top CVEs in August 2023 | F5 Labs
CERT-EU
10 months ago
Hackers Deployed never-before-seen Linux Malware Attacking Government Entities
DARKReading
10 months ago
China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
Securityaffairs
10 months ago
Earth Lusca expands its arsenal with SprySOCKS Linux malware
Trend Micro
10 months ago
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
CISA
a year ago
2022 Top Routinely Exploited Vulnerabilities | CISA
DARKReading
a year ago
Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway
CERT-EU
a year ago
Researchers Develop Exploit Code for Critical Fortinet VPN Bug
CERT-EU
a year ago
Fortinet releases security advisory for critical heap-based overflow vulnerability
CERT-EU
a year ago
The Good, the Bad and the Ugly in Cybersecurity - Week 24 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
DARKReading
a year ago
Fortinet: Patched Critical Flaw May Have Been Exploited
Recorded Future
a year ago
Fortinet CVE-2023-27997: Impact and Mitigation Techniques
Securityaffairs
a year ago
Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls
CERT-EU
a year ago
Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks
Unit42
a year ago
Network Security Trends: August-October 2022