All the vulnerabilites related to Fortinet - FortiNAC
cve-2022-38375
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:46
Severity ?
EPSS score ?
Summary
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-329",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-329"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:48.274436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:46:49.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.6",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability [CWE-285]\u00a0 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:06:21.944Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-329",
"url": "https://fortiguard.com/psirt/FG-IR-22-329"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-38375",
"datePublished": "2023-02-16T18:06:21.944Z",
"dateReserved": "2022-08-16T14:17:48.479Z",
"dateUpdated": "2024-10-23T14:46:49.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39954
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:45
Severity ?
EPSS score ?
Summary
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-304",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-304"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:46.786394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:45:55.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:06:50.083Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-304",
"url": "https://fortiguard.com/psirt/FG-IR-22-304"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 7.2.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-39954",
"datePublished": "2023-02-16T18:06:50.083Z",
"dateReserved": "2022-09-05T13:11:35.554Z",
"dateUpdated": "2024-10-23T14:45:55.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45859
Vulnerability from cvelistv5
Published
2023-05-03 21:26
Modified
2024-10-22 20:46
Severity ?
EPSS score ?
Summary
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:03.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-456",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-456"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:18:08.454234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:46:40.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.6",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users\u0027 passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T21:26:47.577Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-456",
"url": "https://fortiguard.com/psirt/FG-IR-22-456"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above\nAfter the upgrade, the CLI account password should be changed.\r\nTo know which accounts require a new password, the following command can be run:\ngrep \":\\$1\" /etc/shadow\nThen, login to the CLI with that user and type \"passwd\" to change the password and update the hash."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-45859",
"datePublished": "2023-05-03T21:26:47.577Z",
"dateReserved": "2022-11-23T14:57:05.612Z",
"dateUpdated": "2024-10-22T20:46:40.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41021
Vulnerability from cvelistv5
Published
2021-12-08 17:48
Modified
2024-10-25 13:39
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-21-182 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fortinet | Fortinet FortiNAC |
Version: FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-182"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-41021",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:13:08.920154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:39:11.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-08T17:48:06",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-182"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2021-41021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiNAC",
"version": {
"version_data": [
{
"version_value": "FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-21-182",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-21-182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-41021",
"datePublished": "2021-12-08T17:48:06",
"dateReserved": "2021-09-13T00:00:00",
"dateUpdated": "2024-10-25T13:39:11.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45860
Vulnerability from cvelistv5
Published
2023-05-03 21:26
Modified
2024-10-23 14:27
Severity ?
EPSS score ?
Summary
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:03.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-464",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-464"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:37.857189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:27:55.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.2",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.6",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T21:26:57.148Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-464",
"url": "https://fortiguard.com/psirt/FG-IR-22-464"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.3 or above\r\nPlease upgrade to FortiNAC-F version 7.2.1 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-45860",
"datePublished": "2023-05-03T21:26:57.148Z",
"dateReserved": "2022-11-23T14:57:05.613Z",
"dateUpdated": "2024-10-23T14:27:55.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22638
Vulnerability from cvelistv5
Published
2023-02-16 18:07
Modified
2024-10-23 14:32
Severity ?
EPSS score ?
Summary
Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-260",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:11:35.344234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:32:18.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:07:06.780Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-260",
"url": "https://fortiguard.com/psirt/FG-IR-22-260"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.0 or above,\r\nPlease upgrade to FortiNAC version 9.4.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-22638",
"datePublished": "2023-02-16T18:07:06.780Z",
"dateReserved": "2023-01-05T10:06:31.522Z",
"dateUpdated": "2024-10-23T14:32:18.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26203
Vulnerability from cvelistv5
Published
2023-05-03 21:27
Modified
2024-10-23 14:27
Severity ?
EPSS score ?
Summary
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-520",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-520"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:11:06.726078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:27:47.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T21:27:00.343Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-520",
"url": "https://fortiguard.com/psirt/FG-IR-22-520"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.3 or above\r\nPlease upgrade to FortiNAC-F version 7.2.1 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-26203",
"datePublished": "2023-05-03T21:27:00.343Z",
"dateReserved": "2023-02-20T15:09:20.635Z",
"dateUpdated": "2024-10-23T14:27:47.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43950
Vulnerability from cvelistv5
Published
2023-05-03 21:26
Modified
2024-10-22 20:46
Severity ?
EPSS score ?
Summary
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions,
8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:04.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-407",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-407"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:18:07.298715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:46:32.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A URL redirection to untrusted site (\u0027Open Redirect\u0027) vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, \r\n 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T21:26:50.797Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-407",
"url": "https://fortiguard.com/psirt/FG-IR-22-407"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC-F version 7.2.1 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-43950",
"datePublished": "2023-05-03T21:26:50.797Z",
"dateReserved": "2022-10-27T07:40:06.589Z",
"dateUpdated": "2024-10-22T20:46:32.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45858
Vulnerability from cvelistv5
Published
2023-05-03 21:26
Modified
2024-10-22 20:46
Severity ?
EPSS score ?
Summary
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:02.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-452",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-452"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:18:05.923955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:46:24.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.6",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T21:26:54.032Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-452",
"url": "https://fortiguard.com/psirt/FG-IR-22-452"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-45858",
"datePublished": "2023-05-03T21:26:54.032Z",
"dateReserved": "2022-11-23T14:57:05.612Z",
"dateUpdated": "2024-10-22T20:46:24.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38376
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-22 20:49
Severity ?
EPSS score ?
Summary
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-273",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-273"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:18:36.971265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:49:55.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to\u00a0perform an XSS attack via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:06:24.667Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-273",
"url": "https://fortiguard.com/psirt/FG-IR-22-273"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-38376",
"datePublished": "2023-02-16T18:06:24.667Z",
"dateReserved": "2022-08-16T14:17:48.479Z",
"dateUpdated": "2024-10-22T20:49:55.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-24011
Vulnerability from cvelistv5
Published
2021-05-10 11:43
Modified
2024-10-25 13:58
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-20-038 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fortinet | Fortinet FortiNAC |
Version: FortiNAC 8.8.1 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:14:10.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-038"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-24011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:58:53.523155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:58:57.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiNAC 8.8.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-10T11:43:18",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-038"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2021-24011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiNAC",
"version": {
"version_data": [
{
"version_value": "FortiNAC 8.8.1 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Adjacent",
"availabilityImpact": "Low",
"baseScore": 6.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-20-038",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-20-038"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-24011",
"datePublished": "2021-05-10T11:43:18",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-10-25T13:58:57.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40675
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:32
Severity ?
EPSS score ?
Summary
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-312",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-312"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:45.634338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:32:50.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:06:52.567Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-312",
"url": "https://fortiguard.com/psirt/FG-IR-22-312"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 7.2.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-40675",
"datePublished": "2023-02-16T18:06:52.567Z",
"dateReserved": "2022-09-14T13:17:43.616Z",
"dateUpdated": "2024-10-23T14:32:50.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12816
Vulnerability from cvelistv5
Published
2020-09-24 13:29
Modified
2024-10-25 14:00
Severity ?
EPSS score ?
Summary
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-20-002 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fortinet | Fortinet FortiNAC |
Version: FortiNAC before 8.7.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-002"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:59:09.742141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:00:57.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiNAC before 8.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T13:29:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2020-12816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiNAC",
"version": {
"version_data": [
{
"version_value": "FortiNAC before 8.7.2"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-20-002",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-20-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2020-12816",
"datePublished": "2020-09-24T13:29:01",
"dateReserved": "2020-05-12T00:00:00",
"dateUpdated": "2024-10-25T14:00:57.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39946
Vulnerability from cvelistv5
Published
2023-06-13 08:41
Modified
2024-10-22 20:46
Severity ?
EPSS score ?
Summary
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-332",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-332"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:18:04.710076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:46:16.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.6",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.10",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker\u00a0authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T08:41:41.234Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-332",
"url": "https://fortiguard.com/psirt/FG-IR-22-332"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.3 or above\r\nPlease upgrade to FortiNAC version 9.2.8 or above\n\u00a0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-39946",
"datePublished": "2023-06-13T08:41:41.234Z",
"dateReserved": "2022-09-05T13:11:35.552Z",
"dateUpdated": "2024-10-22T20:46:16.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31488
Vulnerability from cvelistv5
Published
2024-05-14 16:19
Modified
2024-08-02 01:52
Severity ?
EPSS score ?
Summary
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.3",
"status": "affected",
"version": "9.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "9.2.8",
"status": "affected",
"version": "9.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "9.1..10",
"status": "affected",
"version": "9.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31488",
"options": [
{
"Exploitation": "None"
},
{
"Automatable": "No"
},
{
"Technical Impact": "Total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:23.122383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:36:26.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-040",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-24-040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.3",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.8",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.10",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T16:19:08.151Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-040",
"url": "https://fortiguard.com/psirt/FG-IR-24-040"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.5 or above \nPlease upgrade to FortiNAC version 7.4.0 or above \nPlease upgrade to FortiNAC version 7.2.4 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-31488",
"datePublished": "2024-05-14T16:19:08.151Z",
"dateReserved": "2024-04-04T12:52:41.585Z",
"dateUpdated": "2024-08-02T01:52:57.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33299
Vulnerability from cvelistv5
Published
2023-06-23 07:46
Modified
2024-10-23 14:25
Severity ?
EPSS score ?
Summary
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:36.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-074",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:19:07.431174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:25:53.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.2",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T07:46:37.499Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-074",
"url": "https://fortiguard.com/psirt/FG-IR-23-074"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.3 or above Please upgrade to FortiNAC version 9.2.8 or above Please upgrade to FortiNAC version 9.1.10 or above Please upgrade to FortiNAC version 7.2.2 or above "
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-33299",
"datePublished": "2023-06-23T07:46:37.499Z",
"dateReserved": "2023-05-22T07:58:22.196Z",
"dateUpdated": "2024-10-23T14:25:53.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40677
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:32
Severity ?
EPSS score ?
Summary
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-280",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-280"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:11:38.204687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:32:34.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "9.4.0"
},
{
"lessThanOrEqual": "9.2.5",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.7",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:06:57.630Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-280",
"url": "https://fortiguard.com/psirt/FG-IR-22-280"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.1 or above Please upgrade to FortiNAC version 9.2.6 or above Please upgrade to FortiNAC version 9.1.8 or above Please upgrade to FortiNAC version 7.2.0 or above "
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-40677",
"datePublished": "2023-02-16T18:06:57.630Z",
"dateReserved": "2022-09-14T13:17:43.617Z",
"dateUpdated": "2024-10-23T14:32:34.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43065
Vulnerability from cvelistv5
Published
2021-12-09 09:15
Modified
2024-10-25 13:37
Severity ?
EPSS score ?
Summary
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-21-178 | x_refsource_CONFIRM | |
| https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fortinet | Fortinet FortiNAC |
Version: FortiNAC 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:13.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:13:03.364281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:33.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiNAC 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "FUNCTIONAL",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.6,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T19:51:15",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2021-43065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiNAC",
"version": {
"version_data": [
{
"version_value": "FortiNAC 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-21-178",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-21-178"
},
{
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h",
"refsource": "MISC",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-43065",
"datePublished": "2021-12-09T09:15:04",
"dateReserved": "2021-10-28T00:00:00",
"dateUpdated": "2024-10-25T13:37:33.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26206
Vulnerability from cvelistv5
Published
2024-02-15 13:59
Modified
2024-08-02 11:39
Severity ?
EPSS score ?
Summary
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T19:50:54.521966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:53.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-063",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.2",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.8",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.10",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T13:59:23.207Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-063",
"url": "https://fortiguard.com/psirt/FG-IR-23-063"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.3 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-26206",
"datePublished": "2024-02-15T13:59:23.207Z",
"dateReserved": "2023-02-20T15:09:20.635Z",
"dateUpdated": "2024-08-02T11:39:06.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40676
Vulnerability from cvelistv5
Published
2023-03-07 16:04
Modified
2024-10-23 14:31
Severity ?
EPSS score ?
Summary
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-281",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-281"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:11:29.023466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:31:22.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "9.4.0"
},
{
"lessThanOrEqual": "9.2.5",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T16:04:55.119Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-281",
"url": "https://fortiguard.com/psirt/FG-IR-22-281"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.1 or above\r\nPlease upgrade to FortiNAC version 9.2.6 or above\r\nPlease upgrade to FortiNAC version 9.1.9 or above\r\nPlease upgrade to FortiNAC version 7.2.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-40676",
"datePublished": "2023-03-07T16:04:55.119Z",
"dateReserved": "2022-09-14T13:17:43.616Z",
"dateUpdated": "2024-10-23T14:31:22.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39953
Vulnerability from cvelistv5
Published
2023-03-07 16:04
Modified
2024-10-23 14:31
Severity ?
EPSS score ?
Summary
A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-309",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-309"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:11:30.278524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:31:37.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.6",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T16:04:40.876Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-309",
"url": "https://fortiguard.com/psirt/FG-IR-22-309"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.2 or above Please upgrade to FortiNAC version 9.2.7 or above Please upgrade to FortiNAC version 9.1.9 or above Please upgrade to FortiNAC version 7.2.0 or above "
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-39953",
"datePublished": "2023-03-07T16:04:40.876Z",
"dateReserved": "2022-09-05T13:11:35.553Z",
"dateUpdated": "2024-10-23T14:31:37.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26117
Vulnerability from cvelistv5
Published
2022-07-18 00:00
Modified
2024-10-25 13:31
Severity ?
EPSS score ?
Summary
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fortinet | Fortinet FortiNAC |
Version: FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
},
{
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-058"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:12:35.607605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:31:44.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "REASONABLE",
"scope": "UNCHANGED",
"temporalScore": 8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-30T00:00:00",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
},
{
"url": "https://fortiguard.com/psirt/FG-IR-22-058"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-26117",
"datePublished": "2022-07-18T00:00:00",
"dateReserved": "2022-02-25T00:00:00",
"dateUpdated": "2024-10-25T13:31:44.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43951
Vulnerability from cvelistv5
Published
2023-04-11 16:05
Modified
2024-10-23 14:30
Severity ?
EPSS score ?
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:04.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-409",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-409"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:39.451206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:30:12.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T16:05:46.705Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-409",
"url": "https://fortiguard.com/psirt/FG-IR-22-409"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-43951",
"datePublished": "2023-04-11T16:05:46.705Z",
"dateReserved": "2022-10-27T07:40:06.589Z",
"dateUpdated": "2024-10-23T14:30:12.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22637
Vulnerability from cvelistv5
Published
2023-05-03 21:27
Modified
2024-10-23 14:27
Severity ?
EPSS score ?
Summary
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-013",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-013"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:11:05.236636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:27:38.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.2",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T21:27:03.507Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-013",
"url": "https://fortiguard.com/psirt/FG-IR-23-013"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-22637",
"datePublished": "2023-05-03T21:27:03.507Z",
"dateReserved": "2023-01-05T10:06:31.522Z",
"dateUpdated": "2024-10-23T14:27:38.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5594
Vulnerability from cvelistv5
Published
2019-08-23 20:10
Modified
2024-10-25 14:05
Severity ?
EPSS score ?
Summary
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-19-140 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Fortinet FortiNAC |
Version: FortiNAC 8.3.0 to 8.3.6 and 8.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:50.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-140"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-5594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:59:48.118067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:05:42.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiNAC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FortiNAC 8.3.0 to 8.3.6 and 8.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T20:10:54",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-5594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiNAC",
"version": {
"version_data": [
{
"version_value": "FortiNAC 8.3.0 to 8.3.6 and 8.5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-19-140",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-19-140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-5594",
"datePublished": "2019-08-23T20:10:54",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-10-25T14:05:42.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39952
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:32
Severity ?
EPSS score ?
Summary
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-300",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-300"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:19:10.326522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:32:41.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "9.4.0"
},
{
"lessThanOrEqual": "9.2.5",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.7",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:06:55.108Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-300",
"url": "https://fortiguard.com/psirt/FG-IR-22-300"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.1 or above Please upgrade to FortiNAC version 9.2.6 or above Please upgrade to FortiNAC version 9.1.8 or above Please upgrade to FortiNAC version 7.2.0 or above "
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-39952",
"datePublished": "2023-02-16T18:06:55.108Z",
"dateReserved": "2022-09-05T13:11:35.553Z",
"dateUpdated": "2024-10-23T14:32:41.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22633
Vulnerability from cvelistv5
Published
2023-06-13 08:41
Modified
2024-10-23 14:26
Severity ?
EPSS score ?
Summary
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-521",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-521"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:36.164159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:26:31.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.6",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "Denial of service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T08:41:44.268Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-521",
"url": "https://fortiguard.com/psirt/FG-IR-22-521"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above\r\nPlease upgrade to FortiNAC version 9.1.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-22633",
"datePublished": "2023-06-13T08:41:44.268Z",
"dateReserved": "2023-01-05T10:06:31.521Z",
"dateUpdated": "2024-10-23T14:26:31.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40678
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:46
Severity ?
EPSS score ?
Summary
An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-265",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-265"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:11:39.590106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:46:07.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "9.4.0"
},
{
"lessThanOrEqual": "9.2.5",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.7",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:06:47.487Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-265",
"url": "https://fortiguard.com/psirt/FG-IR-22-265"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.1 or above\r\nPlease upgrade to FortiNAC version 9.2.6 or above\r\nPlease upgrade to FortiNAC version 9.1.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-40678",
"datePublished": "2023-02-16T18:06:47.487Z",
"dateReserved": "2022-09-14T13:17:43.617Z",
"dateUpdated": "2024-10-23T14:46:07.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26116
Vulnerability from cvelistv5
Published
2022-05-11 07:20
Modified
2024-10-25 13:31
Severity ?
EPSS score ?
Summary
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/psirt/FG-IR-22-062 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fortinet | Fortinet FortiNAC |
Version: FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-062"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:12:37.375269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:31:55.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of special elements used in SQL commands (\u0027SQL Injection\u0027) vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T07:20:10",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2022-26116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiNAC",
"version": {
"version_data": [
{
"version_value": "FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below."
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple improper neutralization of special elements used in SQL commands (\u0027SQL Injection\u0027) vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-062",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-22-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-26116",
"datePublished": "2022-05-11T07:20:10",
"dateReserved": "2022-02-25T00:00:00",
"dateUpdated": "2024-10-25T13:31:55.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202305-0134
Vulnerability from variot
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from the use of a weak encryption algorithm vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45858"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.6",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.0",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45858"
}
]
},
"cve": "CVE-2022-45858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-45858",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-45858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-189",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45858"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from the use of a weak encryption algorithm vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45858"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-189"
},
{
"db": "VULMON",
"id": "CVE-2022-45858"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45858",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.2497",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202305-189",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-45858",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45858"
},
{
"db": "NVD",
"id": "CVE-2022-45858"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
]
},
"id": "VAR-202305-0134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-05-12T22:41:09.715000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fortinet FortiNAC Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237179"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-22-452"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45858/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2497"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45858"
},
{
"db": "NVD",
"id": "CVE-2022-45858"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-45858"
},
{
"db": "NVD",
"id": "CVE-2022-45858"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45858"
},
{
"date": "2023-05-03T22:15:00",
"db": "NVD",
"id": "CVE-2022-45858"
},
{
"date": "2023-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45858"
},
{
"date": "2023-05-11T17:50:00",
"db": "NVD",
"id": "CVE-2022-45858"
},
{
"date": "2023-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Encryption problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-189"
}
],
"trust": 0.6
}
}
var-202303-0444
Vulnerability from variot
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. fortinet's FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-0444",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.8"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.0 to 8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 to 9.1.8"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 to 9.2.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 to 8.6.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.0 to 8.8.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"db": "NVD",
"id": "CVE-2022-40676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.5",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.8",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40676"
}
]
},
"cve": "CVE-2022-40676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2022-40676",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-40676",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40676",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202303-493",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-493"
},
{
"db": "NVD",
"id": "CVE-2022-40676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. fortinet\u0027s FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40676"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-493"
},
{
"db": "VULMON",
"id": "CVE-2022-40676"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40676",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020657",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202303-493",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40676",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-40676"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-493"
},
{
"db": "NVD",
"id": "CVE-2022-40676"
}
]
},
"id": "VAR-202303-0444",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-11-07T22:54:39.500000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-281",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-281"
},
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229004"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-493"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"db": "NVD",
"id": "CVE-2022-40676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-22-281"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40676"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40676/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-40676"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-493"
},
{
"db": "NVD",
"id": "CVE-2022-40676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-40676"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-493"
},
{
"db": "NVD",
"id": "CVE-2022-40676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40676"
},
{
"date": "2023-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"date": "2023-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-493"
},
{
"date": "2023-03-07T17:15:00",
"db": "NVD",
"id": "CVE-2022-40676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40676"
},
{
"date": "2023-11-06T07:30:00",
"db": "JVNDB",
"id": "JVNDB-2022-020657"
},
{
"date": "2023-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-493"
},
{
"date": "2023-03-14T15:29:00",
"db": "NVD",
"id": "CVE-2022-40676"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-493"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020657"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-493"
}
],
"trust": 0.6
}
}
var-202305-0225
Vulnerability from variot
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.3"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26203"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.3",
"versionStartIncluding": "9.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26203"
}
]
},
"cve": "CVE-2023-26203",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-26203",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-26203",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-194",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26203"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26203"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-194"
},
{
"db": "VULMON",
"id": "CVE-2023-26203"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-26203",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202305-194",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-26203",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-26203"
},
{
"db": "NVD",
"id": "CVE-2023-26203"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
]
},
"id": "VAR-202305-0225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-05-11T22:51:38.714000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fortinet FortiNAC Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=236981"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26203"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-22-520"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-26203/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-26203"
},
{
"db": "NVD",
"id": "CVE-2023-26203"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-26203"
},
{
"db": "NVD",
"id": "CVE-2023-26203"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26203"
},
{
"date": "2023-05-03T22:15:00",
"db": "NVD",
"id": "CVE-2023-26203"
},
{
"date": "2023-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26203"
},
{
"date": "2023-05-10T20:44:00",
"db": "NVD",
"id": "CVE-2023-26203"
},
{
"date": "2023-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-194"
}
],
"trust": 0.6
}
}
var-202112-0525
Vulnerability from variot
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. FortiNAC Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that could allow an authenticated attacker to access sensitive system data, thereby elevating the authority of an authenticated user to an administrator
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0525",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.10"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.4"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.3 and earlier"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.9 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"cve": "CVE-2021-43065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43065",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-404115",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-43065",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-015921",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43065",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-43065",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-43065",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-524",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-404115",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. FortiNAC Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that could allow an authenticated attacker to access sensitive system data, thereby elevating the authority of an authenticated user to an administrator",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
},
{
"db": "VULHUB",
"id": "VHN-404115"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43065",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.4151",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021120719",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-102801",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-404115",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"id": "VAR-202112-0525",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:32:59.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-21-178",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-21-178"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173979"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/orangecertcc/security-research/security/advisories/ghsa-8wx4-g5p9-348h"
},
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-21-178"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43065"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120719"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4151"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-404115"
},
{
"date": "2022-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-524"
},
{
"date": "2021-12-09T10:15:11.847000",
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-404115"
},
{
"date": "2022-12-02T07:27:00",
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-524"
},
{
"date": "2024-11-21T06:28:37.820000",
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 Vulnerability in improper permission assignment for critical resources in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
],
"trust": 0.6
}
}
var-202305-0038
Vulnerability from variot
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC 7.2.0, FortiNAC 9.4.2 and earlier, 9.2, 9.1, 8.8, and 8.7 have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0038",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.3"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22637"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22637"
}
]
},
"cve": "CVE-2023-22637",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2023-22637",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-22637",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-193",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22637"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC 7.2.0, FortiNAC 9.4.2 and earlier, 9.2, 9.1, 8.8, and 8.7 have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22637"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-193"
},
{
"db": "VULMON",
"id": "CVE-2023-22637"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-22637",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.2498",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202305-193",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-22637",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-22637"
},
{
"db": "NVD",
"id": "CVE-2023-22637"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
]
},
"id": "VAR-202305-0038",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-05-10T22:02:45.820000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=236785"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22637"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-23-013"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-22637/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22637"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-22637"
},
{
"db": "NVD",
"id": "CVE-2023-22637"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-22637"
},
{
"db": "NVD",
"id": "CVE-2023-22637"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22637"
},
{
"date": "2023-05-03T22:15:00",
"db": "NVD",
"id": "CVE-2023-22637"
},
{
"date": "2023-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22637"
},
{
"date": "2023-05-09T20:45:00",
"db": "NVD",
"id": "CVE-2023-22637"
},
{
"date": "2023-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Cross-site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-193"
}
],
"trust": 0.6
}
}
var-202105-0663
Vulnerability from variot
A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. FortiNAC Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. FortiNAC has vulnerabilities in permissions and access control issues. The vulnerabilities stem from the incorrect application of security restrictions. This vulnerability allows remote users to elevate privileges on the system. The following products and versions are affected: FortiNAC: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.5.0, 8.5.1, 8.5 .2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.7.0, 8.7.1, 8.7.2, 8.7.4 , 8.7.5, 8.7.6, 8.8.0, 8.8.1. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0663",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"cve": "CVE-2021-24011",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-24011",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-382729",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-24011",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "psirt@fortinet.com",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-24011",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-24011",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-24011",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-24011",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-24011",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-180",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-382729",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-24011",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. FortiNAC Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortiNAC has vulnerabilities in permissions and access control issues. The vulnerabilities stem from the incorrect application of security restrictions. This vulnerability allows remote users to elevate privileges on the system. The following products and versions are affected: FortiNAC: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.5.0, 8.5.1, 8.5 .2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.7.0, 8.7.1, 8.7.2, 8.7.4 , 8.7.5, 8.7.6, 8.8.0, 8.8.1. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-24011",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.1510",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050506",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-382729",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-24011",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"id": "VAR-202105-0663",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-382729"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:07:14.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-20-038",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-20-038"
},
{
"title": "Fortinet FortiNAC Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151200"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/advisory/fg-ir-20-038"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-24011"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1510"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050506"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-382729"
},
{
"date": "2021-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"date": "2022-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"date": "2021-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-10T12:15:07.640000",
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-382729"
},
{
"date": "2021-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"date": "2022-01-20T07:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 Vulnerability in privilege management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
}
],
"trust": 0.6
}
}
var-202302-1299
Vulnerability from variot
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. fortinet's FortiNAC Exists in a vulnerability in inserting or modifying arguments.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from improper neutralization of parameters. The following versions are affected: 9.4.0, 9.2.0 to 9.2.5, 9.1.0 to 9.1.7, 8.8.0 to 8.8.11, 8.7.0 to 8.7.6, Version 8.6.0 to version 8.6.5, version 8.5.0 to version 8.5.4, version 8.3.7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1299",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.5"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 to 8.6.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 to 9.2.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.0 to 8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 to 9.1.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.0 to 8.8.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"cve": "CVE-2022-40677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-40677",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-40677",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40677",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-40677",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-40677",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-40677",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1432",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. fortinet\u0027s FortiNAC Exists in a vulnerability in inserting or modifying arguments.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from improper neutralization of parameters. The following versions are affected: 9.4.0, 9.2.0 to 9.2.5, 9.1.0 to 9.1.7, 8.8.0 to 8.8.11, 8.7.0 to 8.7.6, Version 8.6.0 to version 8.6.5, version 8.5.0 to version 8.5.4, version 8.3.7",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
},
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "VULMON",
"id": "CVE-2022-40677"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40677",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-436490",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-40677",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"id": "VAR-202302-1299",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-436490"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:37:08.480000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-280",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-22-280"
},
{
"title": "Fortinet FortiNAC Repair measures for parameter injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226974"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-88",
"trust": 1.1
},
{
"problemtype": "Insert or change arguments (CWE-88) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-280"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40677"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40677/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-436490"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1432"
},
{
"date": "2023-02-16T19:15:13.250000",
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-436490"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"date": "2023-10-30T01:06:00",
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1432"
},
{
"date": "2023-11-07T03:52:34.873000",
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability in inserting or changing arguments in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "parameter injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
],
"trust": 0.6
}
}
var-202302-1269
Vulnerability from variot
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. fortinet's FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac-f",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-f 7.2.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 that\u0027s all 9.2.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0 that\u0027s all 9.4.2"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "7.2.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"cve": "CVE-2022-38375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-38375",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-38375",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38375",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-38375",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-38375",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-38375",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1440",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper authorization vulnerability [CWE-285]\u00a0 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. fortinet\u0027s FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "VULMON",
"id": "CVE-2022-38375"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38375",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-434169",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-38375",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"id": "VAR-202302-1269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-434169"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:30:44.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-329",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/FG-IR-22-329"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226809"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-285",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-329"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38375"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38375/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-434169"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1440"
},
{
"date": "2023-02-16T19:15:12.797000",
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-434169"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"date": "2023-10-30T07:28:00",
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1440"
},
{
"date": "2023-11-07T03:50:06.460000",
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 and \u00a0FortiNAC-F\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
],
"trust": 0.6
}
}
var-202302-1445
Vulnerability from variot
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. fortinet's FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1445",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac-f",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-f 7.2.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7 to 9.2.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0 that\u0027s all 9.4.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"cve": "CVE-2022-40675",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-40675",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2022-40675",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40675",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-40675",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-40675",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-40675",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1433",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. fortinet\u0027s FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "VULMON",
"id": "CVE-2022-40675"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40675",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-436488",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-40675",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"id": "VAR-202302-1445",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-436488"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:32:14.414000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-312",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/FG-IR-22-312"
},
{
"title": "Fortinet FortiNAC Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226803"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-327",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-312"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40675"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40675/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-436488"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1433"
},
{
"date": "2023-02-16T19:15:13.187000",
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-436488"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"date": "2023-10-30T05:48:00",
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1433"
},
{
"date": "2023-11-07T03:52:34.577000",
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 and \u00a0FortiNAC-F\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
],
"trust": 0.6
}
}
var-202205-0408
Vulnerability from variot
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. FortiNAC for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC versions 8.3.7 to 9.2.2 have a SQL injection vulnerability that stems from insufficient sanitization of user-supplied data. The vulnerability could be exploited by a remote user to send a specially crafted request to an affected application to execute arbitrary SQL commands in the application database. SQL commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0408",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.2"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.5"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.2"
},
{
"model": "fortinac",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"cve": "CVE-2022-26116",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2022-26116",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-416877",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-26116",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-26116",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26116",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26116",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-26116",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-26116",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2037",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-416877",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-26116",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple improper neutralization of special elements used in SQL commands (\u0027SQL Injection\u0027) vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. FortiNAC for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC versions 8.3.7 to 9.2.2 have a SQL injection vulnerability that stems from insufficient sanitization of user-supplied data. The vulnerability could be exploited by a remote user to send a specially crafted request to an affected application to execute arbitrary SQL commands in the application database. SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
},
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26116",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022050319",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-50944",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-416877",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26116",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"id": "VAR-202205-0408",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:32:49.026000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-062",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-22-062"
},
{
"title": "Fortinet FortiNAC SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193411"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-062"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26116"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050319"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26116/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-416877"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"date": "2022-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2037"
},
{
"date": "2022-05-11T08:15:06.687000",
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-416877"
},
{
"date": "2022-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"date": "2023-08-22T06:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"date": "2022-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2037"
},
{
"date": "2024-11-21T06:53:27.763000",
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
],
"trust": 0.6
}
}
var-202302-1353
Vulnerability from variot
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. fortinet's FortiNAC and FortiNAC-F for, XML There is a vulnerability in an external entity.Information is obtained and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac-f",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac-f",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"cve": "CVE-2022-39954",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-39954",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2022-39954",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-39954",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39954",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-39954",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-39954",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1435",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. fortinet\u0027s FortiNAC and FortiNAC-F for, XML There is a vulnerability in an external entity.Information is obtained and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "VULMON",
"id": "CVE-2022-39954"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39954",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.1054",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-435751",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-39954",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"id": "VAR-202302-1353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-435751"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:30:44.521000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-304",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-22-304"
},
{
"title": "Fortinet FortiNAC Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226975"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.1
},
{
"problemtype": "XML Improper restriction of external entity references (CWE-611) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-304"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39954"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39954/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-435751"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1435"
},
{
"date": "2023-02-16T19:15:13.120000",
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-435751"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"date": "2023-10-30T01:08:00",
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1435"
},
{
"date": "2023-11-07T03:50:41.493000",
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 and \u00a0FortiNAC-F\u00a0 In \u00a0XML\u00a0 External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
],
"trust": 0.6
}
}
var-202302-1417
Vulnerability from variot
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. fortinet's FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 that\u0027s all 9.4.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"cve": "CVE-2022-38376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2022-38376",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-38376",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-38376",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-38376",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-38376",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1439",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to\u00a0perform an XSS attack via crafted HTTP requests. fortinet\u0027s FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "VULMON",
"id": "CVE-2022-38376"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38376",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-434170",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-38376",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"id": "VAR-202302-1417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-434170"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:26:48.076000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-273",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/FG-IR-22-273"
},
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226808"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-273"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38376"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38376/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-434170"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1439"
},
{
"date": "2023-02-16T19:15:12.860000",
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-434170"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"date": "2023-10-30T07:28:00",
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1439"
},
{
"date": "2023-11-07T03:50:06.630000",
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
],
"trust": 0.6
}
}
var-202302-1489
Vulnerability from variot
An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. fortinet's FortiNAC There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability, which stems from. The following versions are affected: versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0through 8.5.4, 8.3.7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1489",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.5"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 to 8.6.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 to 9.2.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.0 to 8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 to 9.1.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.0 to 8.8.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"cve": "CVE-2022-40678",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-40678",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.4,
"id": "CVE-2022-40678",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40678",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-40678",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-40678",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-40678",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1431",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. fortinet\u0027s FortiNAC There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability, which stems from. The following versions are affected: versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0through 8.5.4, 8.3.7",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
},
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "VULMON",
"id": "CVE-2022-40678"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40678",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-436491",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-40678",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"id": "VAR-202302-1489",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-436491"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:42:03.849000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-265",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-22-265"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226973"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-265"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40678"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40678/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-436491"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1431"
},
{
"date": "2023-02-16T19:15:13.313000",
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-436491"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"date": "2023-10-30T01:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1431"
},
{
"date": "2023-11-07T03:52:34.990000",
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability regarding insufficient protection of authentication information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
],
"trust": 0.6
}
}
var-202304-0865
Vulnerability from variot
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-0865",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac-f",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43951"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43951"
}
]
},
"cve": "CVE-2022-43951",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-43951",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-43951",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-761",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43951"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43951"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-43951",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-202304-761",
"trust": 0.6
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43951"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
]
},
"id": "VAR-202304-0865",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-04-22T22:48:30.984000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234182"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43951"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://fortiguard.com/psirt/fg-ir-22-409"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-43951/"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43951"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-43951"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-11T17:15:00",
"db": "NVD",
"id": "CVE-2022-43951"
},
{
"date": "2023-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-18T19:27:00",
"db": "NVD",
"id": "CVE-2022-43951"
},
{
"date": "2023-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-761"
}
],
"trust": 0.6
}
}
var-202305-0133
Vulnerability from variot
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from insufficiently protected credentials
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0133",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.8"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45859"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.7",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.8",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45859"
}
]
},
"cve": "CVE-2022-45859",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2022-45859",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-45859",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-191",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45859"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users\u0027 passwords. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from insufficiently protected credentials",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45859"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-191"
},
{
"db": "VULMON",
"id": "CVE-2022-45859"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45859",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202305-191",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-45859",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45859"
},
{
"db": "NVD",
"id": "CVE-2022-45859"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
]
},
"id": "VAR-202305-0133",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-05-12T22:52:07.188000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235765"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45859"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-22-456"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45859/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45859"
},
{
"db": "NVD",
"id": "CVE-2022-45859"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-45859"
},
{
"db": "NVD",
"id": "CVE-2022-45859"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45859"
},
{
"date": "2023-05-03T22:15:00",
"db": "NVD",
"id": "CVE-2022-45859"
},
{
"date": "2023-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45859"
},
{
"date": "2023-05-11T17:48:00",
"db": "NVD",
"id": "CVE-2022-45859"
},
{
"date": "2023-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-191"
}
],
"trust": 0.6
}
}
var-202302-1327
Vulnerability from variot
Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. fortinet's FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.9"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 to 8.6.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 to 9.2.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 to 9.1.9"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.0 to 8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.0 to 8.8.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"cve": "CVE-2023-22638",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2023-22638",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-22638",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-22638",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-22638",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2023-22638",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-22638",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1424",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. fortinet\u0027s FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
},
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-22638",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.1053",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-450600",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-22638",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"id": "VAR-202302-1327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:11:01.538000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-260",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-22-260"
},
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226968"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-260"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22638"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1053"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-22638/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-450600"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1424"
},
{
"date": "2023-02-16T19:15:13.977000",
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-450600"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"date": "2023-10-30T01:13:00",
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1424"
},
{
"date": "2023-11-07T04:07:11.260000",
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
],
"trust": 0.6
}
}
var-202305-0103
Vulnerability from variot
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from a weak authentication flaw in the device registration page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.6"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45860"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45860"
}
]
},
"cve": "CVE-2022-45860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-45860",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-45860",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-192",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45860"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from a weak authentication flaw in the device registration page",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45860"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-192"
},
{
"db": "VULMON",
"id": "CVE-2022-45860"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45860",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202305-192",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-45860",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45860"
},
{
"db": "NVD",
"id": "CVE-2022-45860"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
]
},
"id": "VAR-202305-0103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-05-12T22:47:38.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fortinet FortiNAC Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237181"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-22-464"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45860/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45860"
},
{
"db": "NVD",
"id": "CVE-2022-45860"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-45860"
},
{
"db": "NVD",
"id": "CVE-2022-45860"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45860"
},
{
"date": "2023-05-03T22:15:00",
"db": "NVD",
"id": "CVE-2022-45860"
},
{
"date": "2023-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45860"
},
{
"date": "2023-05-11T17:48:00",
"db": "NVD",
"id": "CVE-2022-45860"
},
{
"date": "2023-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Authorization problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-192"
}
],
"trust": 0.6
}
}
var-202009-0095
Vulnerability from variot
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. FortiNAC 8.7.2 and earlier versions have cross-site scripting vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.3"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"cve": "CVE-2020-12816",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12816",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-165532",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-12816",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12816",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1378",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-165532",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortiNAC 8.7.2 and earlier versions have cross-site scripting vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12816"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
},
{
"db": "VULHUB",
"id": "VHN-165532"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12816",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3261",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-57049",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-165532",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"id": "VAR-202009-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:25:22.731000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129749"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-20-002"
},
{
"trust": 1.6,
"url": "https://www.fortiguard.com/psirt/fg-ir-20-002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3261/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12816"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-24T00:00:00",
"db": "VULHUB",
"id": "VHN-165532"
},
{
"date": "2020-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1378"
},
{
"date": "2020-09-24T15:15:13.093000",
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-165532"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1378"
},
{
"date": "2024-11-21T05:00:19.927000",
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Cross-site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
],
"trust": 0.6
}
}
var-202302-1271
Vulnerability from variot
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. fortinet's FortiNAC Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.8"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.9"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0 that\u0027s all 9.4.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7 to 8.8.9"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 that\u0027s all 9.1.8"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 that\u0027s all 9.2.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"cve": "CVE-2022-39952",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-39952",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-39952",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39952",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-39952",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-39952",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1434",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. fortinet\u0027s FortiNAC Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "VULMON",
"id": "CVE-2022-39952"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39952",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-435749",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-39952",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"id": "VAR-202302-1271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-435749"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:18.628000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-300",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/FG-IR-22-300"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226804"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Florian-R0th/CVE-2022-39952 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-73",
"trust": 1.0
},
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-610",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-300"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39952"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39952/"
},
{
"trust": 0.1,
"url": "https://github.com/florian-r0th/cve-2022-39952"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-435749"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1434"
},
{
"date": "2023-02-16T19:15:13.060000",
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-435749"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"date": "2023-10-30T06:18:00",
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1434"
},
{
"date": "2023-11-07T03:50:41.250000",
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability in leaking resources to the wrong area in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
],
"trust": 0.6
}
}
var-202207-0114
Vulnerability from variot
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirement vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from the fact that the root account accessing the MySQL database does not have a password set by default and allows connections from localhost. An attacker exploited this vulnerability to connect to a MySQL database as root. There is a security vulnerability in Fortinet FortiNAC
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.4"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.2"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.6"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.11 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.5 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.6 and earlier"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.3 and earlier"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.2 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.5 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"cve": "CVE-2022-26117",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-26117",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-015258",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26117",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-26117",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-015258",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-383",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirement vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from the fact that the root account accessing the MySQL database does not have a password set by default and allows connections from localhost. An attacker exploited this vulnerability to connect to a MySQL database as root. There is a security vulnerability in Fortinet FortiNAC",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
},
{
"db": "VULHUB",
"id": "VHN-416878"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26117",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3268",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070529",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-416878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416878"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"id": "VAR-202207-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-416878"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:21:45.915000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-058",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-22-058"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=201341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.1
},
{
"problemtype": "Weak password request (CWE-521) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416878"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-22-058"
},
{
"trust": 1.7,
"url": "https://github.com/orangecertcc/security-research/security/advisories/ghsa-r259-5p5p-2q47"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26117"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26117/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070529"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3268"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416878"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-416878"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-416878"
},
{
"date": "2023-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"date": "2022-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-383"
},
{
"date": "2022-07-18T18:15:09.017000",
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-416878"
},
{
"date": "2023-09-26T05:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-383"
},
{
"date": "2023-02-16T19:28:48.090000",
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 Vulnerability in requesting weak passwords in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
],
"trust": 0.6
}
}
var-202305-0039
Vulnerability from variot
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability due to an open redirection vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43950"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43950"
}
]
},
"cve": "CVE-2022-43950",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-43950",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-43950",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-190",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43950"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A URL redirection to untrusted site (\u0027Open Redirect\u0027) vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, \r\n 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability due to an open redirection vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43950"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-190"
},
{
"db": "VULMON",
"id": "CVE-2022-43950"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-43950",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202305-190",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-43950",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-43950"
},
{
"db": "NVD",
"id": "CVE-2022-43950"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
]
},
"id": "VAR-202305-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-05-12T22:56:32.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fortinet FortiNAC Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237180"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43950"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-22-407"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-43950/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-43950"
},
{
"db": "NVD",
"id": "CVE-2022-43950"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-43950"
},
{
"db": "NVD",
"id": "CVE-2022-43950"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-43950"
},
{
"date": "2023-05-03T22:15:00",
"db": "NVD",
"id": "CVE-2022-43950"
},
{
"date": "2023-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-43950"
},
{
"date": "2023-05-11T17:51:00",
"db": "NVD",
"id": "CVE-2022-43950"
},
{
"date": "2023-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-190"
}
],
"trust": 0.6
}
}
var-202306-1251
Vulnerability from variot
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from an access control flaw. The following versions are affected: versions 9.4.2 and earlier, versions 9.2.7 and earlier, all versions 9.1, all versions 8.8, all versions 8.7, all versions 8.6, and all versions 8.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-1251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.10"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.8"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39946"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.10",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.8",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39946"
}
]
},
"cve": "CVE-2022-39946",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-39946",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-39946",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-896",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39946"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker\u00a0authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from an access control flaw. The following versions are affected: versions 9.4.2 and earlier, versions 9.2.7 and earlier, all versions 9.1, all versions 8.8, all versions 8.7, all versions 8.6, and all versions 8.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39946"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39946",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-202306-896",
"trust": 0.6
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39946"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
]
},
"id": "VAR-202306-1251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-06-19T22:37:26.978000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39946"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://fortiguard.com/psirt/fg-ir-22-332"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39946/"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39946"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39946"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-13T09:15:00",
"db": "NVD",
"id": "CVE-2022-39946"
},
{
"date": "2023-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-16T18:40:00",
"db": "NVD",
"id": "CVE-2022-39946"
},
{
"date": "2023-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-896"
}
],
"trust": 0.6
}
}
var-202306-1795
Vulnerability from variot
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-1795",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.9"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33299"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.9",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33299"
}
]
},
"cve": "CVE-2023-33299",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-33299",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-33299",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-1663",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33299"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33299"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-1663"
},
{
"db": "VULMON",
"id": "CVE-2023-33299"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-33299",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.3637",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202306-1663",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-33299",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-33299"
},
{
"db": "NVD",
"id": "CVE-2023-33299"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
]
},
"id": "VAR-202306-1795",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-07-04T22:27:30.586000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fortinet FortiNAC Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=244239"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33299"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-23-074"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3637"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-33299/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-33299"
},
{
"db": "NVD",
"id": "CVE-2023-33299"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-33299"
},
{
"db": "NVD",
"id": "CVE-2023-33299"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33299"
},
{
"date": "2023-06-23T08:15:00",
"db": "NVD",
"id": "CVE-2023-33299"
},
{
"date": "2023-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33299"
},
{
"date": "2023-07-03T18:59:00",
"db": "NVD",
"id": "CVE-2023-33299"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-1663"
}
],
"trust": 0.6
}
}
var-202303-0336
Vulnerability from variot
A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands. fortinet's FortiNAC Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from improper privilege management
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-0336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.8"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.0 to 8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 to 9.1.8"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 to 9.2.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 to 8.6.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.0 to 8.8.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"db": "NVD",
"id": "CVE-2022-39953"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.8",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.6",
"versionStartIncluding": "9.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39953"
}
]
},
"cve": "CVE-2022-39953",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-39953",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-39953",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-39953",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202303-495",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-495"
},
{
"db": "NVD",
"id": "CVE-2022-39953"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands. fortinet\u0027s FortiNAC Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from improper privilege management",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39953"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-495"
},
{
"db": "VULMON",
"id": "CVE-2022-39953"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39953",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020658",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202303-495",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-39953",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-39953"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-495"
},
{
"db": "NVD",
"id": "CVE-2022-39953"
}
]
},
"id": "VAR-202303-0336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-11-07T22:26:46.528000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-309",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-309"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229005"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-495"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"db": "NVD",
"id": "CVE-2022-39953"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-22-309"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39953"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39953/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-39953"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-495"
},
{
"db": "NVD",
"id": "CVE-2022-39953"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-39953"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-495"
},
{
"db": "NVD",
"id": "CVE-2022-39953"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39953"
},
{
"date": "2023-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"date": "2023-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-495"
},
{
"date": "2023-03-07T17:15:00",
"db": "NVD",
"id": "CVE-2022-39953"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39953"
},
{
"date": "2023-11-06T07:34:00",
"db": "JVNDB",
"id": "JVNDB-2022-020658"
},
{
"date": "2023-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-495"
},
{
"date": "2023-03-14T15:51:00",
"db": "NVD",
"id": "CVE-2022-39953"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-495"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability in privilege management in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020658"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-495"
}
],
"trust": 0.6
}
}
var-202112-0384
Vulnerability from variot
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. FortiNAC Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC 8.8.8 and earlier versions and 9.1.2 and earlier versions have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.3"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.8"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.7"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.2 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.8 and earlier"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"cve": "CVE-2021-41021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-41021",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-402293",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2021-41021",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-41021",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-41021",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41021",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-41021",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-41021",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-696",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-402293",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. FortiNAC Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC 8.8.8 and earlier versions and 9.1.2 and earlier versions have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
},
{
"db": "VULHUB",
"id": "VHN-402293"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41021",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-19076",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-402293",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"id": "VAR-202112-0384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:50:50.739000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-21-182",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-21-182"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174991"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-21-182"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41021"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-402293"
},
{
"date": "2022-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-696"
},
{
"date": "2021-12-08T18:15:18.547000",
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-402293"
},
{
"date": "2022-12-05T07:57:00",
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-696"
},
{
"date": "2024-11-21T06:25:16.950000",
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
],
"trust": 0.6
}
}
var-202306-1039
Vulnerability from variot
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from improper permissions, privileges, and access control flaws
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-1039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.8"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.6"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22633"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.8",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.6",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22633"
}
]
},
"cve": "CVE-2023-22633",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-22633",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-22633",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-889",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22633"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from improper permissions, privileges, and access control flaws",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22633"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-22633",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-202306-889",
"trust": 0.6
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22633"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
]
},
"id": "VAR-202306-1039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2023-06-19T22:49:05.461000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22633"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://fortiguard.com/psirt/fg-ir-22-521"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-22633/"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22633"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-22633"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-13T09:15:00",
"db": "NVD",
"id": "CVE-2023-22633"
},
{
"date": "2023-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-17T01:40:00",
"db": "NVD",
"id": "CVE-2023-22633"
},
{
"date": "2023-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-889"
}
],
"trust": 0.6
}
}
var-201908-0099
Vulnerability from variot
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. The admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "eq",
"trust": 2.4,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "8.3.0 to 8.3.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 0.6,
"vendor": "fortinet",
"version": "8.3.0,\u003c=8.3.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.3"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3"
},
{
"model": "fortinac",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.5.1"
},
{
"model": "fortinac",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fortinet:fortinac",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Johnatan Camargo from PBI | Dynamic IT Security.",
"sources": [
{
"db": "BID",
"id": "109302"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
],
"trust": 0.9
},
"cve": "CVE-2019-5594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-5594",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-22380",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-157029",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-5594",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5594",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-5594",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-22380",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-985",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157029",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nThe admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nFortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "VULHUB",
"id": "VHN-157029"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5594",
"trust": 3.4
},
{
"db": "BID",
"id": "109302",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-22380",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2651",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-157029",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"id": "VAR-201908-0099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
}
]
},
"last_update_date": "2024-11-23T22:21:33.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-19-140",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/FG-IR-19-140"
},
{
"title": "Patch for Fortinet FortiNAC cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/213611"
},
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5594"
},
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-19-140"
},
{
"trust": 0.9,
"url": "http://www.fortinet.com/"
},
{
"trust": 0.9,
"url": "https://fortiguard.com/psirt/fg-ir-19-140"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5594"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2651/"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/109302"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"date": "2019-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-157029"
},
{
"date": "2019-07-16T00:00:00",
"db": "BID",
"id": "109302"
},
{
"date": "2019-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"date": "2019-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-985"
},
{
"date": "2019-08-23T21:15:12.130000",
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"date": "2019-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-157029"
},
{
"date": "2019-07-16T00:00:00",
"db": "BID",
"id": "109302"
},
{
"date": "2019-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"date": "2019-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-985"
},
{
"date": "2024-11-21T04:45:11.907000",
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
],
"trust": 0.6
}
}