CVE-2022-40684

Vulnerability updated 4 months ago (2024-05-04T16:49:19.992Z)

Download STIX

Preview STIX

CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorized access to sensitive information. The issue was first noticed when cybercriminals exploited this vulnerability in October 2022, which led to severe breaches in network security. The exploitation of CVE-2022-40684 has been linked to a series of cyber attacks, primarily conducted by the Earth Lusca group. These threat actors leveraged the vulnerability for initial access into networks, often selling this access to other cybercriminals for further malicious activity. This campaign has significantly utilized this older Fortinet flaw, highlighting its ongoing potential for exploitation if left unaddressed. Alongside CVE-2022-40684, Earth Lusca also exploits several other critical vulnerabilities related to remote code execution, including CVE-2022-39952, CVE-2021-22205, CVE-2019-18935, CVE-2019-9670, and CVE-2019-9621. These vulnerabilities, when combined with the authentication bypass provided by CVE-2022-40684, pose a significant risk to network security, emphasizing the need for prompt patching and updates to mitigate these threats.

Description last updated: 2024-03-15T01:16:12.040Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Fortinet

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

ID	Type	Votes	Profile Description
Volt Typhoon	Unspecified	2	Volt Typhoon, a China-sponsored threat actor group identified as one of the most dangerous and persistent nation-state actors by security researchers and the U.S. government, has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. The group is known fo
Earth Lusca	Unspecified	2	Earth Lusca, a threat actor identified as being Chinese-speaking, has been active since at least the first half of 2023. The group primarily targets organizations in Southeast Asia, Central Asia, and the Balkans. Recently, it has expanded its arsenal with SprySOCKS Linux malware, a new addition that

Source Document References

Information about the CVE-2022-40684 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	5 months ago	Patch Now: Critical Fortinet RCE Bug Under Active Attack
DARKReading	6 months ago	Fortinet Warns of Yet Another Critical RCE Flaw
CERT-EU	7 months ago	Sensor Intel Series: Top CVEs in December 2023
Recorded Future	9 months ago	Fortinet CVE-2023-27997: Impact and Mitigation Techniques
CERT-EU	9 months ago	Sensor Intel Series: Top CVEs in October 2023
CERT-EU	a year ago	Sensor Intel Series: Top CVEs in August 2023 \| F5 Labs
CERT-EU	a year ago	Hackers Deployed never-before-seen Linux Malware Attacking Government Entities
DARKReading	a year ago	China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
Securityaffairs	a year ago	Earth Lusca expands its arsenal with SprySOCKS Linux malware
Trend Micro	a year ago	Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
CISA	a year ago	2022 Top Routinely Exploited Vulnerabilities \| CISA
DARKReading	a year ago	Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway
CERT-EU	a year ago	Researchers Develop Exploit Code for Critical Fortinet VPN Bug
CERT-EU	a year ago	Fortinet releases security advisory for critical heap-based overflow vulnerability
CERT-EU	a year ago	The Good, the Bad and the Ugly in Cybersecurity - Week 24 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
DARKReading	a year ago	Fortinet: Patched Critical Flaw May Have Been Exploited
Recorded Future	a year ago	Fortinet CVE-2023-27997: Impact and Mitigation Techniques
Securityaffairs	a year ago	Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls
CERT-EU	a year ago	Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks
Unit42	2 years ago	Network Security Trends: August-October 2022