CVE-2022-40684

Vulnerability updated a month ago (2024-11-29T14:05:50.062Z)

Download STIX

Preview STIX

CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorized access to sensitive information. The issue was first noticed when cybercriminals exploited this vulnerability in October 2022, which led to severe breaches in network security. The exploitation of CVE-2022-40684 has been linked to a series of cyber attacks, primarily conducted by the Earth Lusca group. These threat actors leveraged the vulnerability for initial access into networks, often selling this access to other cybercriminals for further malicious activity. This campaign has significantly utilized this older Fortinet flaw, highlighting its ongoing potential for exploitation if left unaddressed. Alongside CVE-2022-40684, Earth Lusca also exploits several other critical vulnerabilities related to remote code execution, including CVE-2022-39952, CVE-2021-22205, CVE-2019-18935, CVE-2019-9670, and CVE-2019-9621. These vulnerabilities, when combined with the authentication bypass provided by CVE-2022-40684, pose a significant risk to network security, emphasizing the need for prompt patching and updates to mitigate these threats.

Description last updated: 2024-03-15T01:16:12.040Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Fortinet

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Volt Typhoon Threat Actor is associated with CVE-2022-40684. Volt Typhoon, a state-sponsored threat actor based in China, has been identified as a significant cybersecurity risk to critical infrastructure sectors in the United States. According to Microsoft and the Five Eyes cybersecurity and intelligence agencies, Volt Typhoon has compromised IT environments	Unspecified	2
The Earth Lusca Threat Actor is associated with CVE-2022-40684. Earth Lusca, a threat actor believed to be part of the China-backed Winnti collective, has been active since at least 2019 and is known for its cyber-espionage activities. The group primarily targets government organizations in Asia, Latin America, and other regions. Recently, it has expanded its ar	Unspecified	2

Source Document References

Information about the CVE-2022-40684 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	9 months ago	Patch Now: Critical Fortinet RCE Bug Under Active Attack
DARKReading	9 months ago	Fortinet Warns of Yet Another Critical RCE Flaw
CERT-EU	10 months ago	Sensor Intel Series: Top CVEs in December 2023
Recorded Future	a year ago	Fortinet CVE-2023-27997: Impact and Mitigation Techniques
CERT-EU	a year ago	Sensor Intel Series: Top CVEs in October 2023
CERT-EU	a year ago	Sensor Intel Series: Top CVEs in August 2023 \| F5 Labs
CERT-EU	a year ago	Hackers Deployed never-before-seen Linux Malware Attacking Government Entities
DARKReading	a year ago	China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
Securityaffairs	a year ago	Earth Lusca expands its arsenal with SprySOCKS Linux malware
Trend Micro	a year ago	Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
CISA	a year ago	2022 Top Routinely Exploited Vulnerabilities \| CISA
DARKReading	a year ago	Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway
CERT-EU	a year ago	Researchers Develop Exploit Code for Critical Fortinet VPN Bug
CERT-EU	2 years ago	Fortinet releases security advisory for critical heap-based overflow vulnerability
CERT-EU	2 years ago	The Good, the Bad and the Ugly in Cybersecurity - Week 24 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
DARKReading	2 years ago	Fortinet: Patched Critical Flaw May Have Been Exploited
Recorded Future	2 years ago	Fortinet CVE-2023-27997: Impact and Mitigation Techniques
Securityaffairs	2 years ago	Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls
CERT-EU	2 years ago	Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks
Unit42	2 years ago	Network Security Trends: August-October 2022