Update Regarding CVE-2022-40684

<!DOCTYPE HTML> <html lang="en" data-template="post-page"> <head> <link rel="preload" as="script" href="/etc/designs/fortinet/adb-target/visitorapi.min.js"/> <link rel="preload" as="script" href="/etc/designs/fortinet/adb-target/at.js"/> <script> ;(function(win, doc, style, timeout) { var STYLE_ID = 'at-body-style'; function getParent() { return doc.getElementsByTagName('head')[0]; } function addStyle(parent, id, def) { if (!parent) { return; } var style = doc.createElement('style'); style.id = id; style.innerHTML = def; parent.appendChild(style); } function removeStyle(parent, id) { if (!parent) { return; } var style = doc.getElementById(id); if (!style) { return; } parent.removeChild(style); } addStyle(getParent(), STYLE_ID, style); setTimeout(function() { removeStyle(getParent(), STYLE_ID); }, timeout); }(window, document, "body {opacity: 0 !important}", 3000)); </script> <script type="text/plain" class="optanon-category-C0003" src="/etc/designs/fortinet/adb-target/visitorapi.min.js"></script> <script type="text/plain" class="optanon-category-C0003" src="/etc/designs/fortinet/adb-target/at.js"></script> <meta charset="UTF-8"/> <title>Update Regarding CVE-2022-40684 | Fortinet Blog</title> <meta name="keywords" content="PSIRT Blogs,PSIRT"/> <meta name="description" content="Fortinet recently distributed a PSIRT advisory regarding CVE-2022-40684 that details urgent mitigation guidance. Fortinet strongly urges potentially affected customers to immediately update their FortiOS, FortiProxy, and FortiSwitchManager products. "/> <meta name="template" content="post-page"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <meta name="google-site-verification" content="tiQ03tSujT2TSsWJ6tNHiiUn8cwYVmdMQrGUCNrPQmo"/> <meta property="og:site_name" content="Fortinet Blog"/> <meta property="og:title" content="Update Regarding CVE-2022-40684 | Fortinet Blog"/> <meta property="og:url" content="https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684"/> <meta property="og:type" content="article"/> <meta property="og:description" content="Fortinet recently distributed a PSIRT advisory regarding CVE-2022-40684 that details urgent mitigation guidance. Fortinet strongly urges potentially affected customers to immediately update their F…"/> <meta property="og:image" content="https://www.fortinet.com/content/dam/fortinet-blog/article-images/psirt-cve-update-hero.jpg"/> <meta property="twitter:card" content="summary"/> <meta property="twitter:site" content="@Fortinet"/> <meta property="article:author" content="Carl Windsor"/> <meta property="article:section" content="PSIRT Blogs"/> <meta property="article:published_time" content="2022-10-14T20:05:00.000Z"/> <meta property="article:tag" content="PSIRT"/> <link rel="shortcut icon" href="/etc/designs/fortinet-blog/favicon.ico"/> <link rel="canonical" href="https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684"/> <link rel="stylesheet" href="/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css" type="text/css">   <script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" data-document-language="true" type="text/javascript" charset="UTF-8" data-domain-script="f85f39fc-d7aa-467a-b762-fbb722748016"></script> <script type="text/javascript"> function OptanonWrapper() { { try{ $('#cookiescript_injected').remove(); // remove old cookie script }catch(e){} window.dataLayer.push({ event: 'OneTrustGroupsUpdated' }); Optanon.InsertScript('//assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js','head',null, null, '1',true); } } </script>    <meta name="be:sdk" content="java_sdk_1.6.7" /> <meta name="be:timer" content="75ms" /> <meta name="be:norm_url" content="https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684" /> <meta name="be:capsule_url" content="https://ixfd1-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000310757/506863575" /> <meta name="be:api_dt" content="pny_2024; pnm_11; pnd_22; pnh_01; pnmh_41; pn_epoch:1732268464063" /> <meta name="be:mod_dt" content="pny_1969; pnm_12; pnd_31; pnh_16; pnmh_00; pn_epoch:0" /> <meta name="be:orig_url" content="https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684" /> <meta name="be:messages" content="0" /><style> .be-ix-link-block {clear:both;background-color: #000;} .be-ix-link-block .be-related-link-container { padding: 15px;padding-top: 0;margin: 0 auto;max-width: 70em;width: 92vw;} .be-ix-link-block .be-related-link-container .be-label {margin: 0;color: #fff; font-size: 2rem; font-weight: 400;} .be-ix-link-block .be-related-link-container .be-list {display: inline-block;list-style: none;margin: 0;padding: 0;margin-top: 5px;} .be-ix-link-block .be-related-link-container .be-list .be-list-item {display: inline-block;margin-right: 20px;} .be-ix-link-block .be-related-link-container .be-list .be-list-item .be-related-link{color: #fff;} .be-ix-link-block .be-related-link-container .be-list .be-list-item .be-related-link:hover{opacity: .7;color: #fff;} .be-ix-link-block .be-related-link-container .be-list .be-list-item:last-child {margin-right: 0;} .page .be-ix-link-block {clear:both;background-color:#e6e6e6;} .page .be-ix-link-block .be-related-link-container {padding-bottom: 15px;text-align: center;} .page .be-ix-link-block .be-related-link-container .be-label {color: #000;font-size: 1.3rem;font-weight: 400;} .page .be-ix-link-block .be-related-link-container .be-list {margin-top:0;} .page .be-ix-link-block .be-related-link-container .be-list .be-list-item {margin-right: 4px;} .page .be-ix-link-block .be-related-link-container .be-list .be-list-item .be-related-link{color: #000;} .page .be-ix-link-block .be-related-link-container .be-list .be-list-item .be-related-link:hover{color: #000;} .page .be-ix-link-block .be-related-link-container .be-list .be-list-item:not(:last-child):after {content: " | ";color: #000;} @media (max-width: 767px) { .be-ix-link-block .be-related-link-container{padding-bottom: 15px;} .be-ix-link-block .be-related-link-container .be-label {width: 100%;} .be-ix-link-block .be-related-link-container .be-list {display: block;width: 100%;} .be-ix-link-block .be-related-link-container .be-list .be-list-item {display: block;margin-right: 0;}} @media (min-width: 768px) { .be-ix-link-block .be-related-link-container {display: flex;} .be-ix-link-block .be-related-link-container .be-label {display: inline-block;flex-basis: 150px;flex-grow: 0;flex-shrink: 0;margin-right: 20px;} .be-ix-link-block .be-related-link-container .be-list {width: auto;} .page .be-ix-link-block .be-related-link-container .be-label {display: inline-block;flex-basis: 150px;flex-grow: 0;flex-shrink: 0;margin-right: 20px;}} </style>  </head> <body> <div class="root responsivegrid"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> <div class="b1-header aem-GridColumn aem-GridColumn--default--12"> <header class="b1-header__container"> <div class="b1-header__logo"> <a href="https://www.fortinet.com"> <img class="desktop-logo" src="/content/dam/fortinet-blog/fortinet-logo-white.svg" alt="Fortinet home"/> <img class="mobile-logo" src="/content/dam/fortinet-blog/fortinet-logo-white.svg" alt="Fortinet home"/> </a> </div> <div class="b1-header__cta-list"> <a class="b1-header__cta-list-item " href="https://www.fortinet.com/blog"> <span>Blog</span> </a> </div> <div class="b1-header__nav"><div class="b2-navigation"> <ul class="b2-navigation__list"> <li class="b2-navigation-categories"><div class="b2-navigation__list-item nav-dropdown-title">Categories</div> <ul class="navdropdown"> <li> <a class="b2-navigation__dropdown__list-item" href="/blog/business-and-technology"> <span>Business & Technology </span> </a> </li> <li> <a class="b2-navigation__dropdown__list-item" href="/blog/threat-research"> <span>FortiGuard Labs Threat Research</span> </a> </li> <li> <a class="b2-navigation__dropdown__list-item" href="/blog/industry-trends"> <span>Industry Trends</span> </a> </li> <li> <a class="b2-navigation__dropdown__list-item" href="/blog/life-at-fortinet"> <span>Life at Fortinet</span> </a> </li> <li> <a class="b2-navigation__dropdown__list-item" href="/blog/partners"> <span>Partners</span> </a> </li> <li> <a class="b2-navigation__dropdown__list-item" href="/blog/customer-stories"> <span>Customer Stories</span> </a> </li> <li> <a class="b2-navigation__dropdown__list-item" href="/blog/psirt-blogs"> <span>PSIRT Blogs</span> </a> </li> </ul> </li> <li class="m-nav-item"> <a class="b2-navigation__list-item false" href="/blog/business-and-technology"> <span>Business & Technology </span> </a> </li> <li class="m-nav-item"> <a class="b2-navigation__list-item false" href="/blog/threat-research"> <span>FortiGuard Labs Threat Research</span> </a> </li> <li class="m-nav-item"> <a class="b2-navigation__list-item false" href="/blog/industry-trends"> <span>Industry Trends</span> </a> </li> <li class="m-nav-item"> <a class="b2-navigation__list-item false" href="/blog/life-at-fortinet"> <span>Life at Fortinet</span> </a> </li> <li class="m-nav-item"> <a class="b2-navigation__list-item false" href="/blog/partners"> <span>Partners</span> </a> </li> <li class="m-nav-item"> <a class="b2-navigation__list-item false" href="/blog/customer-stories"> <span>Customer Stories</span> </a> </li> <li class="m-nav-item"> <a class="b2-navigation__list-item false" href="/blog/psirt-blogs"> <span>PSIRT Blogs</span> </a> </li> <li> <a class="b2-navigation__list-item false" href="/blog/ciso-collective"> <span>CISO Collective</span> </a> </li> </ul> </div> </div> <div id="blog-site-search" class="b1-header__search" aria-expanded="false"><div class="b3-searchbox"> <form class="b3-searchbox__form" action="/blog/search" method="get"> <input class="b3-searchbox__input" type="text" name="q" placeholder="Search Blogs"/> <button class="b3-searchbox__icon" aria-label="Search" type="submit"> <svg viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"> <path d="M15.688 14.18l-4.075-4.075C12.36 9.06 12.8 7.78 12.8 6.4 12.8 2.87 9.93 0 6.4 0 2.87 0 0 2.87 0 6.4c0 3.53 2.87 6.4 6.4 6.4 1.38 0 2.66-.44 3.705-1.187l4.075 4.075c.207.208.48.312.753.312.274 0 .547-.104.755-.312.416-.417.416-1.093 0-1.51zM2.133 6.4c0-2.357 1.91-4.267 4.267-4.267s4.267 1.91 4.267 4.267-1.91 4.267-4.267 4.267S2.133 8.757 2.133 6.4z" fill="#fff"> </path> </svg> </button> </form> </div> </div> <button class="b1-header__search-toggle" aria-controls="blog-site-search" aria-label="Search"> <svg viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"> <path d="M15.688 14.18l-4.075-4.075C12.36 9.06 12.8 7.78 12.8 6.4 12.8 2.87 9.93 0 6.4 0 2.87 0 0 2.87 0 6.4c0 3.53 2.87 6.4 6.4 6.4 1.38 0 2.66-.44 3.705-1.187l4.075 4.075c.207.208.48.312.753.312.274 0 .547-.104.755-.312.416-.417.416-1.093 0-1.51zM2.133 6.4c0-2.357 1.91-4.267 4.267-4.267s4.267 1.91 4.267 4.267-1.91 4.267-4.267 4.267S2.133 8.757 2.133 6.4z"> </path> </svg> <div class="b1-header__search-toggle-close"> <span class="b1-header__search-toggle-close-line"></span> <span class="b1-header__search-toggle-close-line"></span> </div> </button> <div class="b1-header__nav-toggle" aria-hidden="true"> <span class="b1-header__nav-toggle-line"></span> <span class="b1-header__nav-toggle-line"></span> <span class="b1-header__nav-toggle-line"></span> </div> </header> </div> <section class="b4-hero aem-GridColumn aem-GridColumn--default--12"> <div class="b4-hero__container" style="background-image:url(/content/dam/fortinet-blog/article-images/psirt-cve-update-hero.jpg);"> <img class="ratio" alt="Update Regarding CVE-2022-40684 | Fortinet Blog" aria-hidden="true" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAQAAAADCAQAAAAe/WZNAAAADklEQVR42mNkgAJGDAYAAFEABCaLYqoAAAAASUVORK5CYII="/> <div class="b4-hero__text text-container"> <p data-ly-test class="b4-hero__kicker">PSIRT Blogs</p> <h1 class="b4-hero__headline">Update Regarding CVE-2022-40684</h1> </div> </div> </section> <section class="b15-blog-meta aem-GridColumn aem-GridColumn--default--12"> <div class="b15-blog-meta__container text-container"> <span>By </span> <span class="b15-blog-meta__author"> <a href="/blog/search?author=Carl+Windsor">Carl Windsor</a> </span> <span class="b15-blog-meta__"> </span> <span class="b15-blog-meta__date"> | October 14, 2022</span> </div> </section> <div class="responsivegrid aem-GridColumn aem-GridColumn--default--12"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> <div class="raw-import aem-GridColumn aem-GridColumn--default--12"> <div class="text-container"></div> </div> <div class="cmp cmp-text aem-GridColumn aem-GridColumn--default--12"> <p>Fortinet recently distributed a PSIRT Advisory regarding<b> </b><a href="https://www.fortiguard.com/psirt/FG-IR-22-377" target="_blank">CVE-2022-40684</a> that details urgent mitigation guidance, including upgrades as well as workarounds for customers and recommended next steps. The following update and considerations are part of our efforts to communicate the availability of <a href="https://www.fortiguard.com/psirt/FG-IR-22-377" target="_blank">patches and mitigations</a> to address <a href="https://www.fortiguard.com/psirt/FG-IR-22-377" target="_blank">CVE-2022-40684</a> and also strongly urge potentially affected customers to immediately update their FortiOS, FortiProxy, and FortiSwitchManager products.</p> <p>Timely and ongoing communications with our customers is a key component in our efforts to best protect their organization. Customer communications often detail the most up-to-date guidance and recommended next steps.</p> <p>In this case, we were aware of this vulnerability being abused in a single instance, and we adjusted our usual notification process to provide confidential advanced early warning to the contact information we had for all customers running the impacted <a title="firmware" href="https://www.fortinet.com/resources/cyberglossary/what-is-firmware?utm_source=blog&utm_medium=blog&utm_campaign=blog-fireware">firmware versions</a> to enable customers to further strengthen their security posture prior to the public release to the broader audience.</p> <h2>Communication Timeline</h2> <p>The following details background and timeline activities of Fortinet’s communications and processes to date in regards to <a href="https://www.fortiguard.com/psirt/FG-IR-22-377" target="_blank">CVE-2022-40684:</a></p> <ul> <li>October 6: Issued email notification to the primary account owners of all potentially affected devices.</li> <li>October 6: Issued a Customer Support Bulletin to all customers via https://support.fortinet.com.</li> <li>October 6 onwards: Fortinet worked to notify <a href="https://www.cisa.gov/uscert" target="_blank">CISA</a> and other agencies to ensure this message has been communicated as broadly as possible in conjunction with our advisory.</li> <li>October 10: Quickly following this window of time for customer communications, Fortinet issued a public Advisory (<a href="https://www.fortiguard.com/psirt/FG-IR-22-377" target="_blank">FG-IR-22-377</a>) early morning PT.</li> <li>October 10 - Present: We continue to proactively reach out to customers, strongly urging them to immediately follow the guidance provided in connection with <a href="https://www.fortiguard.com/psirt/FG-IR-22-377" target="_blank">CVE-2022-40684</a>, as we continue monitoring the situation.</li> </ul> <p>After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party of POC code, there is active exploitation of this vulnerability. Based on this development, <b>Fortinet again recommends customers and partners take urgent and immediate action as described in the public </b><a href="https://www.fortiguard.com/psirt/FG-IR-22-377" target="_blank"><b>Advisory.</b></a><b></b></p> <h2>Additional Indicators of Compromise</h2> <p>Fortinet provided customers with an early confidential notification to enable this issue to be remediated before the vulnerability became public. As soon as it did, threat actors began to exploit the issue. As can be seen from one of our honeypot systems <i>(see screenshot below)</i>, following the initial confidential notification, threat actors began to scan the internet for devices, exploit the vulnerability to download configuration, and also install malicious administrator accounts.</p> </div> <div class="cmp cmp-image aem-GridColumn aem-GridColumn--default--12"> <noscript data-cmp-image="{"smartImages":[],"smartSizes":[],"lazyEnabled":true}"> <img src="/blog/psirt-blogs/update-regarding-cve-2022-40684/_jcr_content/root/responsivegrid/image_162146380.img.png/1670962174065/fig1.png" alt="Screengrab from FortiGuard honeypot system" class="custom"/> </noscript>  </div> <div class="cmp cmp-text aem-GridColumn aem-GridColumn--default--12"> <p><span style="font-size: 11.0pt;"><span style="font-family: Calibri , sans-serif;"><span style="font-family: Consolas;"><span style="color: black;"># show user local</span></span><br /> <span style="font-family: Consolas;"><span style="color: black;">edit "fortigate-tech-support"</span></span><br /> <span style="font-family: Consolas;"><span style="color: black;"> set accprofile "super_admin"set vdom "root"</span></span><br /> <span style="font-family: Consolas;"><span style="color: black;"> set password ENC [...]</span></span><br /> <span style="font-family: Consolas;"><span style="color: black;">next</span></span></span></span></p> </div> <div class="cmp cmp-text aem-GridColumn aem-GridColumn--default--12"> <p>Fortinet recommends that customers validate their configuration to ensure that no unauthorized changes have been implemented by a malicious third party, regardless of whether they have upgraded.</p> <p>As a PSIRT team and forward-looking security vendor, we are constantly seeking ways to engage, inform, and encourage our customers to institute mitigation best practices and to patch their systems.</p> <p>If a customer should need additional guidance, they are advised to reach out to customer support. </p> <p>Please contact <a href="mailto:PSIRT@fortinet.com">PSIRT@fortinet.com</a> if you have any other suggestions or feedback.</p> <p>Fortinet continues to follow its <a href="https://www.fortiguard.com/psirt_policy" target="_blank">PSIRT processes and best practices</a> to best mitigate the situation.</p> <p><i>For details of the Fortinet PSIRT Policy: <a href="https://www.fortiguard.com/psirt_policy" target="_blank">https://www.fortiguard.com/psirt_policy</a>.</i></p> </div> <div class="raw-import aem-GridColumn aem-GridColumn--default--12"> <div class="text-container"></div> </div> </div> </div> <div class="b16-blog-tags aem-GridColumn aem-GridColumn--default--12"> <div class="b16-blog-tags__container text-container" style="display:none"> <span class="b16-blog-tags__headline">Tags:</span> <p class="b16-blog-tags__tag-links"> <a href="https://www.fortinet.com/blog/tags-search.html?tag=psirt">PSIRT</a> </p> </div> </div> <section class="b12-related aem-GridColumn aem-GridColumn--default--12"> <div class="b12-related__container text-container"> <h3>Related Posts</h3> <div class="b12-related__posts"> <a href="/blog/psirt-blogs/update-regarding-cve-2018-13379" class="b12-related__post b12-related__post-0"> <div class="b12-related__image" style="background-image:url(/content/dam/fortinet-blog/article-images/psirt-blog/GettyImages-1175026820.jpg.thumb.319.319.png);"> <img class="ratio" alt="Update Regarding CVE-2018-13379 " aria-hidden="true" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAQAAAADCAQAAAAe/WZNAAAADklEQVR42mNkgAJGDAYAAFEABCaLYqoAAAAASUVORK5CYII="/> </div> <div class="b12-related__text"> <p class="b12-related__category"> PSIRT Blogs </p> <h5 class="b12-related__title">Update Regarding CVE-2018-13379 </h5> </div> </a> <a href="/blog/psirt-blogs/atp-29-targets-ssl-vpn-flaws" class="b12-related__post b12-related__post-1"> <div class="b12-related__image" style="background-image:url(/content/dam/fortinet-blog/article-images/blog-image-july/image.png.thumb.319.319.png);"> <img class="ratio" alt="APT 29 Targeting SSL VPN Flaws" aria-hidden="true" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAQAAAADCAQAAAAe/WZNAAAADklEQVR42mNkgAJGDAYAAFEABCaLYqoAAAAASUVORK5CYII="/> </div> <div class="b12-related__text"> <p class="b12-related__category"> PSIRT Blogs </p> <h5 class="b12-related__title">APT 29 Targeting SSL VPN Flaws</h5> </div> </a> <a href="/blog/psirt-blogs/fortios-ssl-vulnerability" class="b12-related__post b12-related__post-2"> <div class="b12-related__image" style="background-image:url(/content/dam/fortinet-blog/article-images/fortios-ssl/fortios-ssl.png.thumb.319.319.png);"> <img class="ratio" alt="FortiOS and SSL Vulnerabilities" aria-hidden="true" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAQAAAADCAQAAAAe/WZNAAAADklEQVR42mNkgAJGDAYAAFEABCaLYqoAAAAASUVORK5CYII="/> </div> <div class="b12-related__text"> <p class="b12-related__category"> PSIRT Blogs </p> <h5 class="b12-related__title">FortiOS and SSL Vulnerabilities</h5> </div> </a> </div> </div> </section> <div class="b13-comment-section aem-GridColumn aem-GridColumn--default--12"> <div class="b13-comment-section__container text-container"> </div> </div> <div class="b6-footer aem-GridColumn aem-GridColumn--default--12"> <div class="b6-footer__container text-container"> <div class="b6-footer__footer-info"> <div class="b6-footer__logo"> <a href="https://www.fortinet.com" target="_blank"> <img src="/content/dam/fortinet-blog/fortinet-logo-white.svg" alt="Fortinet"/> </a> </div> <div class="b6-footer__social-footer"> <ul> <li class="social-icon linkedin"> <a href="https://www.linkedin.com/company/fortinet" target="_blank"> <svg viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"> <path d="M15.934 15.835H12.55v-5.712c0-.897-1.008-1.64-1.905-1.64s-1.48.743-1.48 1.64v5.712H5.78V5.68h3.385v1.693c.558-.905 1.996-1.49 2.96-1.49 2.116 0 3.81 1.727 3.81 3.817v6.135zm-11.846 0H.703V5.68h3.385v10.155zM2.395.605c.935 0 1.693.757 1.693 1.69 0 .936-.758 1.694-1.693 1.694S.703 3.23.703 2.29C.703 1.36 1.46.6 2.395.6z" fill-opacity=".8" fill="#fff" fill-rule="evenodd"></path> </svg> </a> </li> <li class="social-icon twitter"> <a href="https://www.x.com/Fortinet" target="_blank"> <svg width="1200" height="1227" viewBox="0 0 1200 1227" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M714.163 519.284L1160.89 0H1055.03L667.137 450.887L357.328 0H0L468.492 681.821L0 1226.37H105.866L515.491 750.218L842.672 1226.37H1200L714.137 519.284H714.163ZM569.165 687.828L521.697 619.934L144.011 79.6944H306.615L611.412 515.685L658.88 583.579L1055.08 1150.3H892.476L569.165 687.854V687.828Z" fill="white"/> </svg> </a> </li> <li class="social-icon youtube"> <a href="https://www.youtube.com/channel/UCJHo4AuVomwMRzgkA5DQEOA?sub_confirmation=1" target="_blank"> <svg viewBox="0 0 18 14" xmlns="http://www.w3.org/2000/svg"> <path d="M7.472 11.027V3.412L12.55 7.22l-5.08 3.806zM15.934.787C15.426.62 12.294.45 9.164.45c-3.13 0-6.26.16-6.77.322-1.32.44-1.69 3.4-1.69 6.447 0 3.03.37 6 1.69 6.43.51.17 3.64.33 6.77.33 3.13 0 6.262-.16 6.77-.33 1.32-.43 1.692-3.4 1.692-6.44 0-3.047-.372-6-1.692-6.43z" fill-opacity=".8" fill="#fff" fill-rule="evenodd"></path> </svg> </a> </li> <li class="social-icon instagram"> <a href="https://www.instagram.com/fortinet/" target="_blank"> <svg viewBox="0 0 32 32" xmlns="http://www.w3.org/2000/svg"> <path class="st0" d="M16,3.7c4,0,4.5,0,6.1,0.1c1.5,0.1,2.3,0.3,2.8,0.5c0.7,0.3,1.2,0.6,1.7,1.1c0.5,0.5,0.8,1,1.1,1.7 c0.2,0.5,0.4,1.3,0.5,2.8c0.1,1.6,0.1,2.1,0.1,6.1s0,4.5-0.1,6.1c-0.1,1.5-0.3,2.3-0.5,2.8c-0.3,0.7-0.6,1.2-1.1,1.7 c-0.5,0.5-1,0.8-1.7,1.1c-0.5,0.2-1.3,0.4-2.8,0.5c-1.6,0.1-2.1,0.1-6.1,0.1s-4.5,0-6.1-0.1c-1.5-0.1-2.3-0.3-2.8-0.5 c-0.7-0.3-1.2-0.6-1.7-1.1c-0.5-0.5-0.8-1-1.1-1.7c-0.2-0.5-0.4-1.3-0.5-2.8C3.7,20.5,3.7,20,3.7,16s0-4.5,0.1-6.1 c0.1-1.5,0.3-2.3,0.5-2.8C4.6,6.5,4.9,6,5.4,5.4c0.5-0.5,1-0.8,1.7-1.1c0.5-0.2,1.3-0.4,2.8-0.5C11.5,3.7,12,3.7,16,3.7 M16,1 c-4.1,0-4.6,0-6.2,0.1C8.2,1.2,7.1,1.4,6.2,1.8c-1,0.4-1.8,0.9-2.7,1.7C2.7,4.4,2.2,5.2,1.8,6.2c-0.4,1-0.6,2-0.7,3.6 C1,11.4,1,11.9,1,16c0,4.1,0,4.6,0.1,6.2c0.1,1.6,0.3,2.7,0.7,3.6c0.4,1,0.9,1.8,1.7,2.7c0.8,0.8,1.7,1.3,2.7,1.7 c1,0.4,2,0.6,3.6,0.7C11.4,31,11.9,31,16,31s4.6,0,6.2-0.1c1.6-0.1,2.7-0.3,3.6-0.7c1-0.4,1.8-0.9,2.7-1.7c0.8-0.8,1.3-1.7,1.7-2.7 c0.4-1,0.6-2,0.7-3.6C31,20.6,31,20.1,31,16s0-4.6-0.1-6.2c-0.1-1.6-0.3-2.7-0.7-3.6c-0.4-1-0.9-1.8-1.7-2.7 c-0.8-0.8-1.7-1.3-2.7-1.7c-1-0.4-2-0.6-3.6-0.7C20.6,1,20.1,1,16,1L16,1z" fill-opacity=".8" fill="#fff" fill-rule="evenodd"></path> <path class="st0" d="M16,8.3c-4.3,0-7.7,3.4-7.7,7.7s3.4,7.7,7.7,7.7s7.7-3.4,7.7-7.7S20.3,8.3,16,8.3z M16,21c-2.8,0-5-2.2-5-5 s2.2-5,5-5s5,2.2,5,5S18.8,21,16,21z" fill-opacity=".8" fill="#fff" fill-rule="evenodd"></path> <circle class="st0" cx="24" cy="8" r="1.8" fill-opacity=".8" fill="#fff" fill-rule="evenodd"></circle> </svg> </a> </li> <li class="social-icon facebook"> <a href="https://www.facebook.com/fortinet" target="_blank"> <svg viewBox="0 0 9 18" xmlns="http://www.w3.org/2000/svg"> <path d="M8.934.758v3.385H7.24c-.583 0-.845.685-.845 1.27v2.114h2.54v3.385h-2.54v6.77H3.01v-6.77H.472V7.527H3.01V4.143c0-1.87 1.516-3.385 3.385-3.385h2.54z" fill-opacity=".8" fill="#fff" fill-rule="evenodd"></path> </svg> </a> </li> <li class="social-icon rss"> <a href="https://www.fortinet.com/rss-feeds.html" target="_blank"> <svg viewBox="0 0 18 18" xmlns="http://www.w3.org/2000/svg"> <path d="M3.072 17.68c-1.27 0-2.37-1.1-2.37-2.368 0-1.27 1.1-2.37 2.37-2.37s2.37 1.1 2.37 2.37-1.016 2.37-2.37 2.37zM.702.76v2.538c7.955 0 14.386 6.43 14.386 14.385h2.538C17.626 8.336 10.05.76.703.76zm0 5.162V8.46c5.078 0 9.224 4.146 9.224 9.223h2.54c0-6.514-5.248-11.76-11.763-11.76z" fill-opacity=".8" fill="#fff" fill-rule="evenodd"></path> </svg> </a> </li> </ul> </div> </div> <div class="b6-footer__footer-links"> <div class="b6-footer__footer-links-column"> <h4 class="b6-footer__header">News & Articles</h4> <ul> <li> <a href="https://www.fortinet.com/corporate/about-us/newsroom/press-releases.html" target="_self">News Releases</a> </li> <li> <a href="https://www.fortinet.com/corporate/about-us/newsroom/news.html" target="_blank">News Articles</a> </li> </ul> </div> <div class="b6-footer__footer-links-column"> <h4 class="b6-footer__header">Security Research</h4> <ul> <li> <a href="https://www.fortinet.com/fortiguard/threat-intelligence/threat-research.html" target="_self">Threat Research</a> </li> <li> <a href="https://fortiguard.com/" target="_self">FortiGuard Labs</a> </li> <li> <a href="https://www.fortinet.com/fortiguard/threat-intelligence/threat-map.html" target="_self">Threat Map</a> </li> <li> <a href="https://www.fortinet.com/solutions/ransomware.html" target="_self">Ransomware Prevention</a> </li> </ul> </div> <div class="b6-footer__footer-links-column"> <h4 class="b6-footer__header">Connect With Us</h4> <ul> <li> <a href="https://community.fortinet.com/" target="_blank">Fortinet Community</a> </li> <li> <a href="https://www.fortinet.com/partners/partner-program/become-a-fortinet-partner" target="_blank">Partner Portal</a> </li> <li> <a href="https://investor.fortinet.com/" target="_blank">Investor Relations</a> </li> <li> <a href="https://www.fortinet.com/corporate/about-us/product-certifications" target="_blank">Product Certifications</a> </li> </ul> </div> <div class="b6-footer__footer-links-column"> <h4 class="b6-footer__header">Company</h4> <ul> <li> <a href="https://www.fortinet.com/corporate/about-us/about-us" target="_blank">About Us</a> </li> <li> <a href="https://www.fortinet.com/corporate/about-us/executive-management" target="_self">Exec Mgmt</a> </li> <li> <a href="https://www.fortinet.com/corporate/careers" target="_self">Careers</a> </li> <li> <a href="https://www.fortinet.com/nse-training" target="_self">Training</a> </li> <li> <a href="https://www.fortinet.com/corporate/about-us/events" target="_self">Events</a> </li> <li> <a href="https://www.fortinet.com/corporate/about-us/industry-awards" target="_self">Industry Awards</a> </li> <li> <a href="https://www.fortinet.com/corporate/about-us/corporate-social-responsibility" target="_self">Social Responsibility</a> </li> <li> <a href="/resources/cyberglossary" target="_self">CyberGlossary</a> </li> <li> <a href="https://www.fortinet.com/sitemap" target="_self">Sitemap</a> </li> <li> <a href="https://www.fortinet.com/blog/blog-sitemap" target="_self">Blog Sitemap</a> </li> </ul> </div> <div class="b6-footer__contact-info"> <h4 class="b6-footer__header">Contact Us</h4> <ul> <li>(866) 868-3678</li> </ul> </div> </div> <div class="b6-footer__copyright"> <div class="b6-footer__copyright-info"> <p class="b6-footer__copyright-text">Copyright © 2024 Fortinet, Inc. All Rights Reserved</p> <a class="b6-footer__copyright-link" href="https://www.fortinet.com/corporate/about-us/legal.html" target="_blank">Terms of Services</a> <a class="b6-footer__copyright-link" href="https://www.fortinet.com/corporate/about-us/privacy.html" target="_blank">Privacy Policy</a> <span class="ot-ftnt-cookie-settings"> | <a href="#" onclick="Optanon.ToggleInfoDisplay()">Cookie Settings</a></span> </div> </div> </div>  </div> </div> </div> <script src="/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js"></script>  <div class="be-ix-link-block"> <div class="be-related-link-container container"><div class="be-label">Also of Interest:</div><ul class="be-list"><li class="be-list-item"><a class="be-related-link" href="https://www.fortinet.com/blog/ciso-collective/top-security-threats-for-government">DOJ & Top Security Threats</a></li><li class="be-list-item"><a class="be-related-link" href="https://www.fortinet.com/blog/industry-trends/paying-ransomware">Pay Ransomware Settlements?</a></li><li class="be-list-item"><a class="be-related-link" href="https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2018-13379">Update Regarding CVE-2018-13379</a></li><li class="be-list-item"><a class="be-related-link" href="https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign">Analysis of CVE-2023-27997 and Clarifications...</a></li></ul> </div>  </div>  </body> </html>

CINXE.COM

Update Regarding CVE-2022-40684 | Fortinet Blog