Horizon3.ai recently released a proof of concept on the Fortinet Authentication Bypass vulnerability. Horizon3.ai researchers created an exploit after examining the differences between the vulnerable firmware and the patched version.
Soon after the proof of concept was released, the number of exploit attempts started to rise.
On Thursday, Wordfence threat analyst Ram Gall published a Threat Advisory stating that their team was tracking exploit attempts targeting CVE-2022-40684 on their network. At the time of publishing, they had recorded several attempts and requests from over 20 IP addresses.
Most of the requests they observed were trying to find out whether a Fortinet appliance was in place.
But they also found that a number of those IPs were sending PUT requests matching the recently released PoC, which attempts to update the public SSH key of the admin user.