by Fortinet, a network security equipment manufacturer, recently announced a vulnerability patching news. Because the way the company notifies users is different from the past, coupled with the situation of many subsequent attacks, it has aroused everyone’s attention. The cause of this incident is mainly that Fortinet notified users to patch the CVE-2022-40684 vulnerability, and the nature of this vulnerability belongs to the authentication bypass vulnerability of the HTTP/HTTPS management interface. Its CVSS risk score reaches 9.6 points, which mainly affects them. Its three product lines are: FortiOS, FortiProxy, and FortiSwitchManager.
