FortiOS, FortiProxy and FortiSwitchManager - Authentication Bypass (CVE-2022-40684)

FortiOS, FortiProxy, and FortiSwitchManager are affected by an Authentication Bypass vulnerability that can lead to adding an SSH key of an existing user and gaining access to the server for an unauthorized user. The root cause of this vulnerability consists in exposing a web interface that could allow an unauthenticated user to change server configurations.

FortiOS、FortiProxy及FortiSwitchManager均受到认证绕过漏洞的影响，此漏洞可能导致向现有用户添加SSH密钥，从而允许未经授权的用户访问服务器。该漏洞的根本原因在于暴露了一个网络界面，可能使未经身份验证的用户更改服务器配置。