Vulnerabilities related to fortinet - fortinac
Vulnerability from fkie_nvd
Published
2023-02-16 19:15
Modified
2024-11-21 07:16
Summary
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC versions 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac-f *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AA31846-D095-4DC1-8FFC-B28447054A81",
                     versionEndExcluding: "9.2.7",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84AEE221-36B9-41D6-A09F-B0D81AA79576",
                     versionEndExcluding: "9.4.2",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3979307-56D3-48DC-A09E-8FF75FE38664",
                     versionEndExcluding: "7.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.",
      },
   ],
   id: "CVE-2022-38375",
   lastModified: "2024-11-21T07:16:20.970",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-16T19:15:12.797",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-329",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-329",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-285",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-03 22:15
Modified
2024-11-21 07:45
Summary
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac-f 7.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD2141D0-A01A-471E-8FF3-D132897921E4",
                     versionEndExcluding: "9.4.3",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77DE647F-0252-42E2-8BDD-C98DC899C613",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.",
      },
   ],
   id: "CVE-2023-22637",
   lastModified: "2024-11-21T07:45:06.120",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.6,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-03T22:15:17.337",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-23-013",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-23-013",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-11 08:15
Modified
2024-11-21 06:53
Summary
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiNAC versions 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D16EFEF-BB42-4D65-9167-7FE64BE426A6",
                     versionEndIncluding: "8.3.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B25CF57-8771-436D-8B57-EE67D9F47570",
                     versionEndIncluding: "8.5.2",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "81E4D361-D753-4931-83A7-9085A1B74425",
                     versionEndIncluding: "8.6.5",
                     versionStartIncluding: "8.6.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8D997AC-2BA5-443F-8B71-D4FF637D02B8",
                     versionEndIncluding: "9.1.5",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "27091163-9FC2-4052-A441-24BD3E020D01",
                     versionEndIncluding: "9.2.2",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "374069A0-1A0D-45B7-B59D-DA3AA3855444",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11F0FBF-985B-4053-9B16-AA7173BCCC21",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.",
      },
      {
         lang: "es",
         value: "Múltiples neutralizaciones inapropiadas de elementos especiales usados en comandos SQL (\"Inyección SQL\") vulnerabilidad [CWE-89] en FortiNAC versiones: 8.3.7 y anteriores, 8.5.2 y anteriores, 8.5.4, 8.6.0, 8.6.5 y anteriores, 8.7.6 y anteriores, 8.8.11 y anteriores, 9.1.5 y anteriores, 9.2.2 y anteriores, pueden permitir a un atacante autenticado ejecutar código o comandos no autorizados por medio de parámetros de cadenas específicamente diseñados",
      },
   ],
   id: "CVE-2022-26116",
   lastModified: "2024-11-21T06:53:27.763",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-11T08:15:06.687",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-062",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-16 19:15
Modified
2024-11-21 07:21
Summary
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted input parameters.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8292B841-851C-42C2-AF13-17AB2FA894CD",
                     versionEndIncluding: "8.5.4",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95E75B88-1750-4FB6-BCE4-74B69D93C918",
                     versionEndIncluding: "8.6.5",
                     versionStartIncluding: "8.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "33085C12-F572-4AE1-B286-978A274A8E66",
                     versionEndIncluding: "9.1.7",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "561003C4-0B6E-4088-8272-03C6574B83F4",
                     versionEndIncluding: "9.2.5",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "952F266E-0E48-4D69-81E0-9F813B60AC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E12E11B0-E21A-4124-9DF9-FF268BB19813",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.",
      },
   ],
   id: "CVE-2022-40677",
   lastModified: "2024-11-21T07:21:50.170",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-16T19:15:13.250",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-280",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-280",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-88",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-88",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-03-07 17:15
Modified
2024-11-21 07:21
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8292B841-851C-42C2-AF13-17AB2FA894CD",
                     versionEndIncluding: "8.5.4",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95E75B88-1750-4FB6-BCE4-74B69D93C918",
                     versionEndIncluding: "8.6.5",
                     versionStartIncluding: "8.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DFD62C8-07EF-4C7C-B18B-414A9C4A2955",
                     versionEndIncluding: "9.1.8",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "561003C4-0B6E-4088-8272-03C6574B83F4",
                     versionEndIncluding: "9.2.5",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "952F266E-0E48-4D69-81E0-9F813B60AC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E12E11B0-E21A-4124-9DF9-FF268BB19813",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.",
      },
   ],
   id: "CVE-2022-40676",
   lastModified: "2024-11-21T07:21:50.030",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-03-07T17:15:12.020",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-281",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-281",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-03 22:15
Modified
2024-11-21 07:50
Summary
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac-f 7.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2638973E-2258-4D0F-AF28-36D63652141D",
                     versionEndIncluding: "9.2.7",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2DF0CAE-9209-4DEC-8197-11F9D34D7C8A",
                     versionEndExcluding: "9.4.3",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77DE647F-0252-42E2-8BDD-C98DC899C613",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.",
      },
   ],
   id: "CVE-2023-26203",
   lastModified: "2024-11-21T07:50:54.487",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-03T22:15:18.357",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-520",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-520",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-23 08:15
Modified
2024-11-21 08:05
Summary
A deserialization of untrusted data vulnerability in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note: FortiNAC versions 8.x will not be fixed.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8292B841-851C-42C2-AF13-17AB2FA894CD",
                     versionEndIncluding: "8.5.4",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95E75B88-1750-4FB6-BCE4-74B69D93C918",
                     versionEndIncluding: "8.6.5",
                     versionStartIncluding: "8.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D101F116-0C73-401E-9882-8BA2F403FA4E",
                     versionEndIncluding: "9.1.9",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B341AE7E-48F1-4ABE-891F-F9D543D19E29",
                     versionEndIncluding: "9.2.7",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFF5B4CF-5BF9-4852-BD4F-5A27FD17EDC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3107FF-B414-4C7C-BD97-AC102A744B1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "952F266E-0E48-4D69-81E0-9F813B60AC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E12E11B0-E21A-4124-9DF9-FF268BB19813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4648F862-AB8C-4B8D-8F2D-5D2641F08845",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B0251A8-1E8B-4B4A-962F-3E5950601814",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A deserialization of untrusted data vulnerability in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note: FortiNAC versions 8.x will not be fixed.",
      },
   ],
   id: "CVE-2023-33299",
   lastModified: "2024-11-21T08:05:22.070",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-23T08:15:09.483",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-23-074",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-23-074",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-16 19:15
Modified
2024-11-21 07:18
Summary
An external control of file name or path vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFBBFCB8-B202-4B8E-9C6A-9FD080493761",
                     versionEndIncluding: "8.8.9",
                     versionStartIncluding: "8.3.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BF7BE0D-2C93-4CA7-B1AD-B3C019B851D2",
                     versionEndExcluding: "9.1.8",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F62A2710-F28E-4F13-8916-4C743869B2D6",
                     versionEndExcluding: "9.2.6",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A790F2-B3CD-4C23-9777-BB92982A101C",
                     versionEndExcluding: "9.4.1",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An external control of file name or path vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.",
      },
   ],
   id: "CVE-2022-39952",
   lastModified: "2024-11-21T07:18:33.040",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-16T19:15:13.060",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-300",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-300",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-73",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-668",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-18 18:15
Modified
2024-11-21 06:53
Summary
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B25CF57-8771-436D-8B57-EE67D9F47570",
                     versionEndIncluding: "8.5.2",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "81E4D361-D753-4931-83A7-9085A1B74425",
                     versionEndIncluding: "8.6.5",
                     versionStartIncluding: "8.6.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D6DF60A-302A-4602-9DA3-282177BB31DC",
                     versionEndExcluding: "9.1.6",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6784AAA4-8FE1-4AEA-A9F1-8489FCF78301",
                     versionEndExcluding: "9.2.4",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "952F266E-0E48-4D69-81E0-9F813B60AC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "374069A0-1A0D-45B7-B59D-DA3AA3855444",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11F0FBF-985B-4053-9B16-AA7173BCCC21",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de contraseña vacía en el archivo de configuración [CWE-258] en FortiNAC versiones 8.3.7 y anteriores, 8.5.2 y anteriores, 8.5.4, 8.6.0, 8.6.5 y anteriores, 8.7.6 y anteriores, 8.8.11 y anteriores, 9.1.5 y anteriores, 9.2.3 y anteriores puede permitir a un atacante autenticado acceder a las bases de datos MySQL por medio de la CLI",
      },
   ],
   id: "CVE-2022-26117",
   lastModified: "2024-11-21T06:53:27.890",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-18T18:15:09.017",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-058",
      },
      {
         source: "psirt@fortinet.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-521",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-09 10:15
Modified
2024-11-21 06:28
Summary
An incorrect permission assignment for critical resource vulnerability in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac 9.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B635677-94E0-4594-93B3-DA0A0F40540F",
                     versionEndExcluding: "8.8.10",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAD6773C-BD72-47FF-BCC6-CC057C20E796",
                     versionEndExcluding: "9.1.4",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D6ECEB2-D111-4C78-B0B4-0094C8C57EB3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An incorrect permission assignment for critical resource vulnerability in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data.",
      },
      {
         lang: "es",
         value: "Una asignación incorrecta de permisos para recursos críticos en Fortinet FortiNAC versión 9.2.0, versión 9.1.3 y anteriores, versión 8.8.9 y anteriores, permite al atacante conseguir mayores privilegios por medio del acceso a datos confidenciales del sistema",
      },
   ],
   id: "CVE-2021-43065",
   lastModified: "2024-11-21T06:28:37.820",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-09T10:15:11.847",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-21-178",
      },
      {
         source: "psirt@fortinet.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-21-178",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-03-07 17:15
Modified
2024-11-21 07:18
Summary
An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8292B841-851C-42C2-AF13-17AB2FA894CD",
                     versionEndIncluding: "8.5.4",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95E75B88-1750-4FB6-BCE4-74B69D93C918",
                     versionEndIncluding: "8.6.5",
                     versionStartIncluding: "8.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DFD62C8-07EF-4C7C-B18B-414A9C4A2955",
                     versionEndIncluding: "9.1.8",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9331C47E-0CA4-4B2F-A89F-5C0AAEF3ECAA",
                     versionEndIncluding: "9.2.6",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "952F266E-0E48-4D69-81E0-9F813B60AC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E12E11B0-E21A-4124-9DF9-FF268BB19813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4648F862-AB8C-4B8D-8F2D-5D2641F08845",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands.",
      },
   ],
   id: "CVE-2022-39953",
   lastModified: "2024-11-21T07:18:33.187",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-03-07T17:15:11.943",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-309",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-309",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-16 19:15
Modified
2024-11-21 07:16
Summary
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allow an attacker to perform an XSS attack via crafted HTTP requests.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac 8.3.7



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8292B841-851C-42C2-AF13-17AB2FA894CD",
                     versionEndIncluding: "8.5.4",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1ABB0EC-4DF9-4475-A616-F61C3CA6CB34",
                     versionEndExcluding: "9.4.2",
                     versionStartIncluding: "8.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "952F266E-0E48-4D69-81E0-9F813B60AC3E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.",
      },
   ],
   id: "CVE-2022-38376",
   lastModified: "2024-11-21T07:16:21.097",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-16T19:15:12.860",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-273",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-273",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-11 17:15
Modified
2024-11-21 07:27
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac-f *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2638973E-2258-4D0F-AF28-36D63652141D",
                     versionEndIncluding: "9.2.7",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84AEE221-36B9-41D6-A09F-B0D81AA79576",
                     versionEndExcluding: "9.4.2",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3979307-56D3-48DC-A09E-8FF75FE38664",
                     versionEndExcluding: "7.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.",
      },
   ],
   id: "CVE-2022-43951",
   lastModified: "2024-11-21T07:27:24.150",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-11T17:15:07.787",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-409",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-409",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-05-14 17:17
Modified
2025-01-21 21:47
Summary
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross-site scripting (XSS) attacks via crafted HTTP requests.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E178BCE-6212-4C9F-BDED-090DA849F9C1",
                     versionEndExcluding: "7.2.4",
                     versionStartIncluding: "7.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "13B96979-AB7A-426A-A6D8-16D6D2295233",
                     versionEndExcluding: "9.4.5",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.",
      },
      {
         lang: "es",
         value: "Una neutralización inadecuada de entradas durante la vulnerabilidad de generación de páginas web [CWE-79] en FortiNAC versión 9.4.0 a 9.4.4, 9.2.0 a 9.2.8, 9.1.0 a 9.1.10, 8.8.0 a 8.8.11, 8.7.0 a 8.7.6, 7.2.0 a 7.2.3 pueden permitir que un atacante remoto autenticado realice un ataque de Cross Site Scripting (XSS) almacenado y reflejado a través de solicitudes HTTP manipuladas.",
      },
   ],
   id: "CVE-2024-31488",
   lastModified: "2025-01-21T21:47:47.183",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-05-14T17:17:23.733",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-24-040",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-24-040",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-16 19:15
Modified
2024-11-21 07:45
Summary
Several improper neutralization of inputs during web page generation vulnerabilities [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8292B841-851C-42C2-AF13-17AB2FA894CD",
                     versionEndIncluding: "8.5.4",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95E75B88-1750-4FB6-BCE4-74B69D93C918",
                     versionEndIncluding: "8.6.5",
                     versionStartIncluding: "8.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D101F116-0C73-401E-9882-8BA2F403FA4E",
                     versionEndIncluding: "9.1.9",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B341AE7E-48F1-4ABE-891F-F9D543D19E29",
                     versionEndIncluding: "9.2.7",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "952F266E-0E48-4D69-81E0-9F813B60AC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E12E11B0-E21A-4124-9DF9-FF268BB19813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4648F862-AB8C-4B8D-8F2D-5D2641F08845",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC  9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.",
      },
   ],
   id: "CVE-2023-22638",
   lastModified: "2024-11-21T07:45:06.270",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-16T19:15:13.977",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-260",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-15 14:15
Modified
2024-11-21 07:50
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac *
fortinet fortinac 7.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "72F09A9E-3804-43BE-95B8-67418FEF269E",
                     versionEndIncluding: "9.1.10",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "225F8F74-D68C-444E-87E9-BC8AED05BB42",
                     versionEndIncluding: "9.2.8",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "029D7D58-6515-42D5-8E9A-73845CCE15A8",
                     versionEndIncluding: "9.4.2",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFF5B4CF-5BF9-4852-BD4F-5A27FD17EDC2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.",
      },
      {
         lang: "es",
         value: "Una neutralización inadecuada de la entrada durante la generación de la página web ('cross-site scripting') en Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 y 7.2.0 permite a un atacante para ejecutar código o comandos no autorizados a través de los campos de nombre observados en los registros de auditoría de políticas.",
      },
   ],
   id: "CVE-2023-26206",
   lastModified: "2024-11-21T07:50:54.880",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-15T14:15:44.597",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-23-063",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-23-063",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-08-23 21:15
Modified
2024-11-21 04:45
Summary
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac 8.5.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A3925F5-BA4F-406D-A38F-3EFC8D0083BE",
                     versionEndIncluding: "8.3.6",
                     versionStartIncluding: "8.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E16B46B-FA2D-4208-9DBC-AD0DF3344DE1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.",
      },
      {
         lang: "es",
         value: "Una neutralización inadecuada de la entrada durante la generación de páginas web (\"Cross-site Scripting\") en Fortinet FortiNAC 8.3.0 a 8.3.6 y 8.5.0 admin webUI puede permitir que un atacante no autenticado realice un ataque XSS reflejado a través del campo de búsqueda en el webUI.",
      },
   ],
   id: "CVE-2019-5594",
   lastModified: "2024-11-21T04:45:11.907",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-08-23T21:15:12.130",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-19-140",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-19-140",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-05-10 12:15
Modified
2024-11-21 05:52
Summary
A privilege escalation vulnerability in FortiNAC versions below 8.8.2 may allow an admin user to escalate privileges to root by abusing sudo privileges.
Impacted products
Vendor Product Version
fortinet fortinac *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "05288FD9-1010-4A31-A79D-9314F2AC56E5",
                     versionEndExcluding: "8.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de escalada de privilegios en FortiNAC versiones por debajo de 8.8.2, puede permitir a un usuario administrador escalar privilegios a root al abusar de los privilegios de sudo",
      },
   ],
   id: "CVE-2021-24011",
   lastModified: "2024-11-21T05:52:12.183",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-05-10T12:15:07.640",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-20-038",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-20-038",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-03 22:15
Modified
2024-11-21 07:27
Summary
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac-f 7.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A30BF9D-B074-42C5-8C46-15651E379371",
                     versionEndExcluding: "9.4.2",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77DE647F-0252-42E2-8BDD-C98DC899C613",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.",
      },
   ],
   id: "CVE-2022-43950",
   lastModified: "2024-11-21T07:27:24.033",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-03T22:15:09.417",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-407",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-13 09:15
Modified
2024-11-21 07:18
Summary
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8292B841-851C-42C2-AF13-17AB2FA894CD",
                     versionEndIncluding: "8.5.4",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95E75B88-1750-4FB6-BCE4-74B69D93C918",
                     versionEndIncluding: "8.6.5",
                     versionStartIncluding: "8.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "72F09A9E-3804-43BE-95B8-67418FEF269E",
                     versionEndIncluding: "9.1.10",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "225F8F74-D68C-444E-87E9-BC8AED05BB42",
                     versionEndIncluding: "9.2.8",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E12E11B0-E21A-4124-9DF9-FF268BB19813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4648F862-AB8C-4B8D-8F2D-5D2641F08845",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B0251A8-1E8B-4B4A-962F-3E5950601814",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.",
      },
   ],
   id: "CVE-2022-39946",
   lastModified: "2024-11-21T07:18:32.160",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 7.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4.7,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-13T09:15:14.620",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-332",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-332",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-16 19:15
Modified
2024-11-21 07:18
Summary
An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specially crafted XML documents.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac-f *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1A805AE-3A46-4F20-8F7D-7E9E8EE609D5",
                     versionEndIncluding: "9.2.7",
                     versionStartIncluding: "8.3.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84AEE221-36B9-41D6-A09F-B0D81AA79576",
                     versionEndExcluding: "9.4.2",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3979307-56D3-48DC-A09E-8FF75FE38664",
                     versionEndExcluding: "7.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specially crafted XML documents.",
      },
   ],
   id: "CVE-2022-39954",
   lastModified: "2024-11-21T07:18:33.333",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.4,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-16T19:15:13.120",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-304",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-304",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-611",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-611",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-03 22:15
Modified
2024-11-21 07:29
Summary
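A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker gaining access to sensitive information or performing man-in-the-middle attacks. Note that the CPE match data in this record marks the 9.2 branch as vulnerable only before 9.2.6 and lists no range covering 9.1.x, so confirm the affected and fixed versions against the vendor advisory rather than relying on the CPE ranges alone.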
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDA26803-7075-4ABC-8D2E-246A81FEB80F",
                     versionEndExcluding: "9.1.0",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F62A2710-F28E-4F13-8916-4C743869B2D6",
                     versionEndExcluding: "9.2.6",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84AEE221-36B9-41D6-A09F-B0D81AA79576",
                     versionEndExcluding: "9.4.2",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker gaining access to sensitive information or performing man-in-the-middle attacks.",
      },
   ],
   id: "CVE-2022-45858",
   lastModified: "2024-11-21T07:29:51.097",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.2,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 2.5,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-03T22:15:15.423",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-452",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-452",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-03 22:15
Modified
2024-11-21 07:29
Summary
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac *
fortinet fortinac-f 7.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C07AF172-49D7-4F20-8A6B-7640C1FE3600",
                     versionEndIncluding: "9.1.8",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AA31846-D095-4DC1-8FFC-B28447054A81",
                     versionEndExcluding: "9.2.7",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84AEE221-36B9-41D6-A09F-B0D81AA79576",
                     versionEndExcluding: "9.4.2",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77DE647F-0252-42E2-8BDD-C98DC899C613",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.",
      },
   ],
   id: "CVE-2022-45859",
   lastModified: "2024-11-21T07:29:51.237",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.5,
            impactScore: 3.6,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-03T22:15:15.553",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-456",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-456",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-522",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-522",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-13 09:15
Modified
2024-11-21 07:45
Summary
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DFD62C8-07EF-4C7C-B18B-414A9C4A2955",
                     versionEndIncluding: "9.1.8",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9331C47E-0CA4-4B2F-A89F-5C0AAEF3ECAA",
                     versionEndIncluding: "9.2.6",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E12E11B0-E21A-4124-9DF9-FF268BB19813",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4648F862-AB8C-4B8D-8F2D-5D2641F08845",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77DE647F-0252-42E2-8BDD-C98DC899C613",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.",
      },
   ],
   id: "CVE-2023-22633",
   lastModified: "2024-11-21T07:45:05.623",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-13T09:15:16.127",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-521",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-521",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-24 15:15
Modified
2024-11-21 05:00
Summary
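An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. Note that the CPE match data in this record marks every version before 8.7.3 as vulnerable, which places 8.7.2 inside the matched range; confirm the fixed version against the vendor advisory before treating 8.7.2 as remediated.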
Impacted products
Vendor Product Version
fortinet fortinac *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B5F3A1-F44D-4A42-A1BF-3FCC42D55839",
                     versionEndExcluding: "8.7.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de neutralización inapropiada de la entrada en FortiNAC versiones anteriores a 8.7.2, puede permitir a un atacante autenticado remoto llevar a cabo un ataque de tipo cross site scripting (XSS) almacenado por medio de un UserID de Usuarios Administradores.",
      },
   ],
   id: "CVE-2020-12816",
   lastModified: "2024-11-21T05:00:19.927",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-24T15:15:13.093",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-20-002",
      },
      {
         source: "nvd@nist.gov",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.fortiguard.com/psirt/FG-IR-20-002",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-20-002",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-03 22:15
Modified
2024-11-21 07:29
Summary
A weak authentication vulnerability [CWE-1390] in the device registration page of FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac-f 7.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7321AAB-1859-43BE-A84C-92620389287F",
                     versionEndIncluding: "9.2.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84AEE221-36B9-41D6-A09F-B0D81AA79576",
                     versionEndExcluding: "9.4.2",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77DE647F-0252-42E2-8BDD-C98DC899C613",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.",
      },
   ],
   id: "CVE-2022-45860",
   lastModified: "2024-11-21T07:29:51.380",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-03T22:15:15.670",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-464",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-464",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-1390",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-08 18:15
Modified
2024-11-21 06:25
Summary
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "326CEB4E-22A6-4E74-A0E6-08429A089613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3181DD7D-5873-4A4A-B403-42B84355C19D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F55C207C-36D0-4D79-B882-A611F9FE6B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4891E307-0B86-43B6-B51A-46471F86AED6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DDDD7B7-DB6D-4A94-959C-F0DAE13C9D0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "F90AB49E-49FC-4A1C-A45C-8165EEA4746F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "74BFA5FC-A6FB-486C-BED1-4388182A388F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.8.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2064F9E5-95BB-4A11-AC23-E91C6A0A97EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.8.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "71EA8614-B871-43DD-B246-D3CD26D204CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "20A402E2-FD83-47B8-A5DF-828A3661162E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3B0E5D6-7B79-4081-8230-0C02490A5CEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "17B0A606-5595-457C-8CC7-BA3C856A223B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de escalada de privilegios en FortiNAC versiones 8.8.8 y anteriores y 9.1.2 y anteriores, puede permitir a un usuario administrador escalar los privilegios a root por medio del comando sudo",
      },
   ],
   id: "CVE-2021-41021",
   lastModified: "2024-11-21T06:25:16.950",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-08T18:15:18.547",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-21-182",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/advisory/FG-IR-21-182",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-16 19:15
Modified
2024-11-21 07:21
Summary
An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8292B841-851C-42C2-AF13-17AB2FA894CD",
                     versionEndIncluding: "8.5.4",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95E75B88-1750-4FB6-BCE4-74B69D93C918",
                     versionEndIncluding: "8.6.5",
                     versionStartIncluding: "8.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BD32B25-76B4-4D6E-BB5C-065070297058",
                     versionEndIncluding: "8.7.6",
                     versionStartIncluding: "8.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
                     versionEndIncluding: "8.8.11",
                     versionStartIncluding: "8.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "33085C12-F572-4AE1-B286-978A274A8E66",
                     versionEndIncluding: "9.1.7",
                     versionStartIncluding: "9.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "561003C4-0B6E-4088-8272-03C6574B83F4",
                     versionEndIncluding: "9.2.5",
                     versionStartIncluding: "9.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "952F266E-0E48-4D69-81E0-9F813B60AC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E12E11B0-E21A-4124-9DF9-FF268BB19813",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.",
      },
   ],
   id: "CVE-2022-40678",
   lastModified: "2024-11-21T07:21:50.310",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.4,
            impactScore: 5.9,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-16T19:15:13.313",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-265",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-265",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-522",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-522",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-16 19:15
Modified
2024-11-21 07:21
Summary
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.
Impacted products
Vendor Product Version
fortinet fortinac *
fortinet fortinac *
fortinet fortinac-f *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1A805AE-3A46-4F20-8F7D-7E9E8EE609D5",
                     versionEndIncluding: "9.2.7",
                     versionStartIncluding: "8.3.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84AEE221-36B9-41D6-A09F-B0D81AA79576",
                     versionEndExcluding: "9.4.2",
                     versionStartIncluding: "9.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3979307-56D3-48DC-A09E-8FF75FE38664",
                     versionEndExcluding: "7.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.",
      },
   ],
   id: "CVE-2022-40675",
   lastModified: "2024-11-21T07:21:49.883",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.5,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-16T19:15:13.187",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-312",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.com/psirt/FG-IR-22-312",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

var-202305-0038
Vulnerability from variot

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC 7.2.0, FortiNAC 9.4.2 and earlier, 9.2, 9.1, 8.8, and 8.7 have security vulnerabilities.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0038",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.3",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac-f",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22637",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.3",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22637",
         },
      ],
   },
   cve: "CVE-2023-22637",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.3,
                  id: "CVE-2023-22637",
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-22637",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202305-193",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22637",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC 7.2.0, FortiNAC 9.4.2 and earlier, 9.2, 9.1, 8.8, and 8.7 have security vulnerabilities",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22637",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
         {
            db: "VULMON",
            id: "CVE-2023-22637",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-22637",
            trust: 1.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2023.2498",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-22637",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-22637",
         },
         {
            db: "NVD",
            id: "CVE-2023-22637",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
   },
   id: "VAR-202305-0038",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-05-10T22:02:45.820000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=236785",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22637",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-23-013",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-22637/",
         },
         {
            trust: 0.6,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-22637",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2023.2498",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-22637",
         },
         {
            db: "NVD",
            id: "CVE-2023-22637",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-22637",
         },
         {
            db: "NVD",
            id: "CVE-2023-22637",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-03T00:00:00",
            db: "VULMON",
            id: "CVE-2023-22637",
         },
         {
            date: "2023-05-03T22:15:00",
            db: "NVD",
            id: "CVE-2023-22637",
         },
         {
            date: "2023-05-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-04T00:00:00",
            db: "VULMON",
            id: "CVE-2023-22637",
         },
         {
            date: "2023-05-09T20:45:00",
            db: "NVD",
            id: "CVE-2023-22637",
         },
         {
            date: "2023-05-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Cross-site scripting vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-193",
         },
      ],
      trust: 0.6,
   },
}

var-202112-0525
Vulnerability from variot

An incorrect permission assignment for a critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data. FortiNAC contains a vulnerability in improper permission assignment for critical resources. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that could allow an authenticated attacker to access sensitive system data, thereby elevating the privileges of an authenticated user to those of an administrator.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0525",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.10",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.4",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.1.3  and earlier",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.2.0  and earlier",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.8.9  and earlier",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            db: "NVD",
            id: "CVE-2021-43065",
         },
      ],
   },
   cve: "CVE-2021-43065",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.2,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-43065",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 1.8,
                  vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.2,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.9,
                  id: "VHN-404115",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2021-43065",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "OTHER",
                  availabilityImpact: "High",
                  baseScore: 7.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2021-015921",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-43065",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2021-43065",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-43065",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-524",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-404115",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-404115",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
         {
            db: "NVD",
            id: "CVE-2021-43065",
         },
         {
            db: "NVD",
            id: "CVE-2021-43065",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. FortiNAC Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that could allow an authenticated attacker to access sensitive system data, thereby elevating the authority of an authenticated user to an administrator",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-43065",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
         {
            db: "VULHUB",
            id: "VHN-404115",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-43065",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-524",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.4151",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021120719",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102801",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-404115",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-404115",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
         {
            db: "NVD",
            id: "CVE-2021-43065",
         },
      ],
   },
   id: "VAR-202112-0525",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-404115",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T22:32:59.482000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-21-178",
            trust: 0.8,
            url: "https://www.fortiguard.com/psirt/FG-IR-21-178",
         },
         {
            title: "Fortinet FortiNAC Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173979",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-732",
            trust: 1.1,
         },
         {
            problemtype: "Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-404115",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            db: "NVD",
            id: "CVE-2021-43065",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://github.com/orangecertcc/security-research/security/advisories/ghsa-8wx4-g5p9-348h",
         },
         {
            trust: 1.7,
            url: "https://fortiguard.com/advisory/fg-ir-21-178",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-43065",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021120719",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.4151",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-404115",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
         {
            db: "NVD",
            id: "CVE-2021-43065",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-404115",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
         {
            db: "NVD",
            id: "CVE-2021-43065",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-09T00:00:00",
            db: "VULHUB",
            id: "VHN-404115",
         },
         {
            date: "2022-12-02T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            date: "2021-12-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
         {
            date: "2021-12-09T10:15:11.847000",
            db: "NVD",
            id: "CVE-2021-43065",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-28T00:00:00",
            db: "VULHUB",
            id: "VHN-404115",
         },
         {
            date: "2022-12-02T07:27:00",
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
         {
            date: "2022-08-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
         {
            date: "2024-11-21T06:28:37.820000",
            db: "NVD",
            id: "CVE-2021-43065",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "FortiNAC  Vulnerability in improper permission assignment for critical resources in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-015921",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-524",
         },
      ],
      trust: 0.6,
   },
}

var-202305-0225
Vulnerability from variot

A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0225",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.7",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.3",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac-f",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-26203",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.2.7",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.3",
                        versionStartIncluding: "9.4.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-26203",
         },
      ],
   },
   cve: "CVE-2023-26203",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2023-26203",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-26203",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202305-194",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-26203",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-26203",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
         {
            db: "VULMON",
            id: "CVE-2023-26203",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-26203",
            trust: 1.7,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-26203",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-26203",
         },
         {
            db: "NVD",
            id: "CVE-2023-26203",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
   },
   id: "VAR-202305-0225",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-05-11T22:51:38.714000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Fortinet FortiNAC Repair measures for trust management problem vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=236981",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-798",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-26203",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-22-520",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-26203/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-26203",
         },
         {
            db: "NVD",
            id: "CVE-2023-26203",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-26203",
         },
         {
            db: "NVD",
            id: "CVE-2023-26203",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-03T00:00:00",
            db: "VULMON",
            id: "CVE-2023-26203",
         },
         {
            date: "2023-05-03T22:15:00",
            db: "NVD",
            id: "CVE-2023-26203",
         },
         {
            date: "2023-05-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-04T00:00:00",
            db: "VULMON",
            id: "CVE-2023-26203",
         },
         {
            date: "2023-05-10T20:44:00",
            db: "NVD",
            id: "CVE-2023-26203",
         },
         {
            date: "2023-05-11T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Trust Management Issue Vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "trust management problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-194",
         },
      ],
      trust: 0.6,
   },
}

var-202205-0408
Vulnerability from variot

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters. FortiNAC contains a SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC versions 8.3.7 to 9.2.2 have a SQL injection vulnerability that stems from insufficient sanitization of user-supplied data. The vulnerability could be exploited by a remote user to send a specially crafted request to an affected application to execute arbitrary SQL commands in the application database.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0408",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.5",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.2",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.2",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.5",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.2",
         },
         {
            model: "fortinac",
            scope: null,
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            db: "NVD",
            id: "CVE-2022-26116",
         },
      ],
   },
   cve: "CVE-2022-26116",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  id: "CVE-2022-26116",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  id: "VHN-416877",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-26116",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@fortinet.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  id: "CVE-2022-26116",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-26116",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-26116",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2022-26116",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-26116",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202205-2037",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-416877",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-26116",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-416877",
         },
         {
            db: "VULMON",
            id: "CVE-2022-26116",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
         {
            db: "NVD",
            id: "CVE-2022-26116",
         },
         {
            db: "NVD",
            id: "CVE-2022-26116",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters. FortiNAC contains a SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC versions 8.3.7 to 9.2.2 have a SQL injection vulnerability that stems from insufficient sanitization of user-supplied data. The vulnerability could be exploited by a remote user to send a specially crafted request to an affected application to execute arbitrary SQL commands in the application database.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-26116",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
         {
            db: "VULHUB",
            id: "VHN-416877",
         },
         {
            db: "VULMON",
            id: "CVE-2022-26116",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-26116",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022050319",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202205-2037",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2022-50944",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-416877",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-26116",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-416877",
         },
         {
            db: "VULMON",
            id: "CVE-2022-26116",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
         {
            db: "NVD",
            id: "CVE-2022-26116",
         },
      ],
   },
   id: "VAR-202205-0408",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-416877",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T22:32:49.026000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-062",
            trust: 0.8,
            url: "https://www.fortiguard.com/psirt/FG-IR-22-062",
         },
         {
            title: "Fortinet FortiNAC SQL Repair measures for injecting vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193411",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-89",
            trust: 1.1,
         },
         {
            problemtype: "SQL injection (CWE-89) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-416877",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            db: "NVD",
            id: "CVE-2022-26116",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-062",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-26116",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022050319",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-26116/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/89.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-416877",
         },
         {
            db: "VULMON",
            id: "CVE-2022-26116",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
         {
            db: "NVD",
            id: "CVE-2022-26116",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-416877",
         },
         {
            db: "VULMON",
            id: "CVE-2022-26116",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
         {
            db: "NVD",
            id: "CVE-2022-26116",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-11T00:00:00",
            db: "VULHUB",
            id: "VHN-416877",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "VULMON",
            id: "CVE-2022-26116",
         },
         {
            date: "2023-08-22T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            date: "2022-05-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
         {
            date: "2022-05-11T08:15:06.687000",
            db: "NVD",
            id: "CVE-2022-26116",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-18T00:00:00",
            db: "VULHUB",
            id: "VHN-416877",
         },
         {
            date: "2022-05-18T00:00:00",
            db: "VULMON",
            id: "CVE-2022-26116",
         },
         {
            date: "2023-08-22T06:28:00",
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
         {
            date: "2022-05-19T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
         {
            date: "2024-11-21T06:53:27.763000",
            db: "NVD",
            id: "CVE-2022-26116",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "FortiNAC  In  SQL  Injection vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-011444",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "SQL injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202205-2037",
         },
      ],
      trust: 0.6,
   },
}

var-202302-1271
Vulnerability from variot

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request. Fortinet's FortiNAC contains a vulnerability related to the leakage of resources to the wrong area (CWE-668). Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1271",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.1",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.6",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.8",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.9",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.0  that's all  9.4.1",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.3.7  to  8.8.9",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.1.0  that's all  9.1.8",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.2.0  that's all  9.2.6",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            db: "NVD",
            id: "CVE-2022-39952",
         },
      ],
   },
   cve: "CVE-2022-39952",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-39952",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-39952",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-39952",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2022-39952",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-39952",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-1434",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1434",
         },
         {
            db: "NVD",
            id: "CVE-2022-39952",
         },
         {
            db: "NVD",
            id: "CVE-2022-39952",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. fortinet's FortiNAC Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39952",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            db: "VULHUB",
            id: "VHN-435749",
         },
         {
            db: "VULMON",
            id: "CVE-2022-39952",
         },
      ],
      trust: 1.8,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-39952",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1434",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-435749",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-39952",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-435749",
         },
         {
            db: "VULMON",
            id: "CVE-2022-39952",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1434",
         },
         {
            db: "NVD",
            id: "CVE-2022-39952",
         },
      ],
   },
   id: "VAR-202302-1271",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-435749",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T14:10:18.628000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-300",
            trust: 0.8,
            url: "https://fortiguard.com/psirt/FG-IR-22-300",
         },
         {
            title: "Fortinet FortiNAC Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226804",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/Florian-R0th/CVE-2022-39952 ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-39952",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1434",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-73",
            trust: 1,
         },
         {
            problemtype: "CWE-668",
            trust: 1,
         },
         {
            problemtype: "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
            trust: 0.8,
         },
         {
            problemtype: "CWE-610",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-435749",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            db: "NVD",
            id: "CVE-2022-39952",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-300",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-39952",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-39952/",
         },
         {
            trust: 0.1,
            url: "https://github.com/florian-r0th/cve-2022-39952",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-435749",
         },
         {
            db: "VULMON",
            id: "CVE-2022-39952",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1434",
         },
         {
            db: "NVD",
            id: "CVE-2022-39952",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-435749",
         },
         {
            db: "VULMON",
            id: "CVE-2022-39952",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1434",
         },
         {
            db: "NVD",
            id: "CVE-2022-39952",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-16T00:00:00",
            db: "VULHUB",
            id: "VHN-435749",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-39952",
         },
         {
            date: "2023-10-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1434",
         },
         {
            date: "2023-02-16T19:15:13.060000",
            db: "NVD",
            id: "CVE-2022-39952",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-24T00:00:00",
            db: "VULHUB",
            id: "VHN-435749",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-39952",
         },
         {
            date: "2023-10-30T06:18:00",
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
         {
            date: "2023-02-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1434",
         },
         {
            date: "2023-11-07T03:50:41.250000",
            db: "NVD",
            id: "CVE-2022-39952",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1434",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "fortinet's  FortiNAC  Vulnerability in leaking resources to the wrong area in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004446",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1434",
         },
      ],
      trust: 0.6,
   },
}

var-202302-1445
Vulnerability from variot

Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. Fortinet's FortiNAC and FortiNAC-F contain unspecified vulnerabilities. Information may be obtained and tampered with.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1445",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac-f",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.7",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac-f",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "7.2.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "-f 7.2.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.3.7  to  9.2.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.0  that's all  9.4.2",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            db: "NVD",
            id: "CVE-2022-40675",
         },
      ],
   },
   cve: "CVE-2022-40675",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  id: "CVE-2022-40675",
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@fortinet.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-40675",
                  impactScore: 2.5,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.4,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-40675",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-40675",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2022-40675",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-40675",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-1433",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1433",
         },
         {
            db: "NVD",
            id: "CVE-2022-40675",
         },
         {
            db: "NVD",
            id: "CVE-2022-40675",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. Unspecified vulnerabilities exist in Fortinet's FortiNAC and FortiNAC-F. Information may be obtained and information may be tampered with.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-40675",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            db: "VULHUB",
            id: "VHN-436488",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40675",
         },
      ],
      trust: 1.8,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-40675",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1433",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-436488",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-40675",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436488",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40675",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1433",
         },
         {
            db: "NVD",
            id: "CVE-2022-40675",
         },
      ],
   },
   id: "VAR-202302-1445",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436488",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T15:32:14.414000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-312",
            trust: 0.8,
            url: "https://fortiguard.com/psirt/FG-IR-22-312",
         },
         {
            title: "Fortinet FortiNAC Fixes for encryption problem vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226803",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1433",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-310",
            trust: 1,
         },
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]",
            trust: 0.8,
         },
         {
            problemtype: "CWE-327",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436488",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            db: "NVD",
            id: "CVE-2022-40675",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-312",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-40675",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-40675/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436488",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40675",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1433",
         },
         {
            db: "NVD",
            id: "CVE-2022-40675",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-436488",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40675",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1433",
         },
         {
            db: "NVD",
            id: "CVE-2022-40675",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-16T00:00:00",
            db: "VULHUB",
            id: "VHN-436488",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-40675",
         },
         {
            date: "2023-10-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1433",
         },
         {
            date: "2023-02-16T19:15:13.187000",
            db: "NVD",
            id: "CVE-2022-40675",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-24T00:00:00",
            db: "VULHUB",
            id: "VHN-436488",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-40675",
         },
         {
            date: "2023-10-30T05:48:00",
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
         {
            date: "2023-02-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1433",
         },
         {
            date: "2023-11-07T03:52:34.577000",
            db: "NVD",
            id: "CVE-2022-40675",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1433",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in Fortinet's FortiNAC and FortiNAC-F",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004412",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "encryption problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1433",
         },
      ],
      trust: 0.6,
   },
}

var-202302-1417
Vulnerability from variot

Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allow an attacker to perform an XSS attack via crafted HTTP requests. A cross-site scripting vulnerability exists in Fortinet's FortiNAC. Information may be obtained and information may be tampered with.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1417",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.6.0  that's all  9.4.2",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.5.0  to  8.5.4",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            db: "NVD",
            id: "CVE-2022-38376",
         },
      ],
   },
   cve: "CVE-2022-38376",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-38376",
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 2,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.1,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2022-38376",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-38376",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2022-38376",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-38376",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-1439",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1439",
         },
         {
            db: "NVD",
            id: "CVE-2022-38376",
         },
         {
            db: "NVD",
            id: "CVE-2022-38376",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allow an attacker to perform an XSS attack via crafted HTTP requests. A cross-site scripting vulnerability exists in Fortinet's FortiNAC. Information may be obtained and information may be tampered with.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-38376",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            db: "VULHUB",
            id: "VHN-434170",
         },
         {
            db: "VULMON",
            id: "CVE-2022-38376",
         },
      ],
      trust: 1.8,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-38376",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1439",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-434170",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-38376",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-434170",
         },
         {
            db: "VULMON",
            id: "CVE-2022-38376",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1439",
         },
         {
            db: "NVD",
            id: "CVE-2022-38376",
         },
      ],
   },
   id: "VAR-202302-1417",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-434170",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T15:26:48.076000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-273",
            trust: 0.8,
            url: "https://fortiguard.com/psirt/FG-IR-22-273",
         },
         {
            title: "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226808",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1439",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1.1,
         },
         {
            problemtype: "Cross-site scripting (CWE-79) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-434170",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            db: "NVD",
            id: "CVE-2022-38376",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-273",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-38376",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-38376/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-434170",
         },
         {
            db: "VULMON",
            id: "CVE-2022-38376",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1439",
         },
         {
            db: "NVD",
            id: "CVE-2022-38376",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-434170",
         },
         {
            db: "VULMON",
            id: "CVE-2022-38376",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1439",
         },
         {
            db: "NVD",
            id: "CVE-2022-38376",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-16T00:00:00",
            db: "VULHUB",
            id: "VHN-434170",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-38376",
         },
         {
            date: "2023-10-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1439",
         },
         {
            date: "2023-02-16T19:15:12.860000",
            db: "NVD",
            id: "CVE-2022-38376",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-24T00:00:00",
            db: "VULHUB",
            id: "VHN-434170",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-38376",
         },
         {
            date: "2023-10-30T07:28:00",
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
         {
            date: "2023-02-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1439",
         },
         {
            date: "2023-11-07T03:50:06.630000",
            db: "NVD",
            id: "CVE-2022-38376",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1439",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cross-site scripting vulnerability in Fortinet's FortiNAC",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004466",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1439",
         },
      ],
      trust: 0.6,
   },
}

var-202305-0134
Vulnerability from variot

A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances that an attacker gains access to sensitive information or performs man-in-the-middle attacks. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from the use of a weak encryption algorithm.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0134",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.6",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45858",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.2",
                        versionStartIncluding: "9.4.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.2.6",
                        versionStartIncluding: "9.2.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.1.0",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45858",
         },
      ],
   },
   cve: "CVE-2022-45858",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  id: "CVE-2022-45858",
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-45858",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202305-189",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45858",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from the use of a weak encryption algorithm.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45858",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
         {
            db: "VULMON",
            id: "CVE-2022-45858",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-45858",
            trust: 1.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2023.2497",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-45858",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-45858",
         },
         {
            db: "NVD",
            id: "CVE-2022-45858",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
   },
   id: "VAR-202305-0134",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-05-12T22:41:09.715000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Fortinet FortiNAC Fixes for encryption problem vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237179",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-327",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45858",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-22-452",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-45858/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2023.2497",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-45858",
         },
         {
            db: "NVD",
            id: "CVE-2022-45858",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-45858",
         },
         {
            db: "NVD",
            id: "CVE-2022-45858",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-03T00:00:00",
            db: "VULMON",
            id: "CVE-2022-45858",
         },
         {
            date: "2023-05-03T22:15:00",
            db: "NVD",
            id: "CVE-2022-45858",
         },
         {
            date: "2023-05-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-04T00:00:00",
            db: "VULMON",
            id: "CVE-2022-45858",
         },
         {
            date: "2023-05-11T17:50:00",
            db: "NVD",
            id: "CVE-2022-45858",
         },
         {
            date: "2023-05-12T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Encryption problem vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "encryption problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-189",
         },
      ],
      trust: 0.6,
   },
}

var-201908-0099
Vulnerability from variot

An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. The admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0099",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "eq",
            trust: 2.4,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.6",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "fortinet",
            version: "8.3.0 to  8.3.6",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 0.6,
            vendor: "fortinet",
            version: "8.3.0,<=8.3.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "8.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "8.3.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "8.3.4",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "8.3.3",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "8.3.2",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "8.3.1",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "8.3",
         },
         {
            model: "fortinac",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "8.5.1",
         },
         {
            model: "fortinac",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "8.3.7",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            db: "BID",
            id: "109302",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            db: "NVD",
            id: "CVE-2019-5594",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:fortinet:fortinac",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Johnatan Camargo from PBI | Dynamic IT Security.",
      sources: [
         {
            db: "BID",
            id: "109302",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
      ],
      trust: 0.9,
   },
   cve: "CVE-2019-5594",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2019-5594",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2020-22380",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-157029",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  id: "CVE-2019-5594",
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1.8,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2019-5594",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2019-5594",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-22380",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201907-985",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-157029",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            db: "VULHUB",
            id: "VHN-157029",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
         {
            db: "NVD",
            id: "CVE-2019-5594",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nThe admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nFortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable",
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-5594",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
         {
            db: "BID",
            id: "109302",
         },
         {
            db: "VULHUB",
            id: "VHN-157029",
         },
      ],
      trust: 3.06,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2019-5594",
            trust: 3.4,
         },
         {
            db: "BID",
            id: "109302",
            trust: 1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.2651",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-157029",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            db: "VULHUB",
            id: "VHN-157029",
         },
         {
            db: "BID",
            id: "109302",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
         {
            db: "NVD",
            id: "CVE-2019-5594",
         },
      ],
   },
   id: "VAR-201908-0099",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            db: "VULHUB",
            id: "VHN-157029",
         },
      ],
      trust: 0.06999999999999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
      ],
   },
   last_update_date: "2024-11-23T22:21:33.758000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-19-140",
            trust: 0.8,
            url: "https://fortiguard.com/psirt/FG-IR-19-140",
         },
         {
            title: "Patch for Fortinet FortiNAC cross-site scripting vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/213611",
         },
         {
            title: "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95287",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-157029",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            db: "NVD",
            id: "CVE-2019-5594",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-5594",
         },
         {
            trust: 1.7,
            url: "https://fortiguard.com/advisory/fg-ir-19-140",
         },
         {
            trust: 0.9,
            url: "http://www.fortinet.com/",
         },
         {
            trust: 0.9,
            url: "https://fortiguard.com/psirt/fg-ir-19-140",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5594",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.2651/",
         },
         {
            trust: 0.6,
            url: "https://www.securityfocus.com/bid/109302",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            db: "VULHUB",
            id: "VHN-157029",
         },
         {
            db: "BID",
            id: "109302",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
         {
            db: "NVD",
            id: "CVE-2019-5594",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            db: "VULHUB",
            id: "VHN-157029",
         },
         {
            db: "BID",
            id: "109302",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
         {
            db: "NVD",
            id: "CVE-2019-5594",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-12T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            date: "2019-08-23T00:00:00",
            db: "VULHUB",
            id: "VHN-157029",
         },
         {
            date: "2019-07-16T00:00:00",
            db: "BID",
            id: "109302",
         },
         {
            date: "2019-08-28T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            date: "2019-07-17T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
         {
            date: "2019-08-23T21:15:12.130000",
            db: "NVD",
            id: "CVE-2019-5594",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-12T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            date: "2019-08-26T00:00:00",
            db: "VULHUB",
            id: "VHN-157029",
         },
         {
            date: "2019-07-16T00:00:00",
            db: "BID",
            id: "109302",
         },
         {
            date: "2019-08-28T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-008217",
         },
         {
            date: "2019-08-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
         {
            date: "2024-11-21T04:45:11.907000",
            db: "NVD",
            id: "CVE-2019-5594",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC cross-site scripting vulnerability",
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22380",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
      ],
      trust: 1.2,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201907-985",
         },
      ],
      trust: 0.6,
   },
}

var-202302-1489
Vulnerability from variot

An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. Fortinet's FortiNAC contains a vulnerability involving inadequate protection of credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability, which stems from insufficiently protected credentials. The following versions are affected: 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1489",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.7",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.5",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.5",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.6.0  to  8.6.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.2.0  to  9.2.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.7.0  to  8.7.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.1.0  to  9.1.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.5.0  to  8.5.4",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.8.0  to  8.8.11",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            db: "NVD",
            id: "CVE-2022-40678",
         },
      ],
   },
   cve: "CVE-2022-40678",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2022-40678",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  author: "psirt@fortinet.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.4,
                  id: "CVE-2022-40678",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-40678",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-40678",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2022-40678",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-40678",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-1431",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
         {
            db: "NVD",
            id: "CVE-2022-40678",
         },
         {
            db: "NVD",
            id: "CVE-2022-40678",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. fortinet's FortiNAC There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability, which stems from. The following versions are affected: versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0through 8.5.4, 8.3.7",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-40678",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
         {
            db: "VULHUB",
            id: "VHN-436491",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40678",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-40678",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1431",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-436491",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-40678",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436491",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40678",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
         {
            db: "NVD",
            id: "CVE-2022-40678",
         },
      ],
   },
   id: "VAR-202302-1489",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436491",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T13:42:03.849000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-265",
            trust: 0.8,
            url: "https://www.fortiguard.com/psirt/FG-IR-22-265",
         },
         {
            title: "Fortinet FortiNAC Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226973",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-522",
            trust: 1.1,
         },
         {
            problemtype: "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436491",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            db: "NVD",
            id: "CVE-2022-40678",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-265",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-40678",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-40678/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436491",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40678",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
         {
            db: "NVD",
            id: "CVE-2022-40678",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-436491",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40678",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
         {
            db: "NVD",
            id: "CVE-2022-40678",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-16T00:00:00",
            db: "VULHUB",
            id: "VHN-436491",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-40678",
         },
         {
            date: "2023-10-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
         {
            date: "2023-02-16T19:15:13.313000",
            db: "NVD",
            id: "CVE-2022-40678",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-27T00:00:00",
            db: "VULHUB",
            id: "VHN-436491",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-40678",
         },
         {
            date: "2023-10-30T01:32:00",
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
         {
            date: "2023-02-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
         {
            date: "2023-11-07T03:52:34.990000",
            db: "NVD",
            id: "CVE-2022-40678",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "fortinet's  FortiNAC  Vulnerability regarding insufficient protection of authentication information in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019906",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1431",
         },
      ],
      trust: 0.6,
   },
}

var-202305-0039
Vulnerability from variot

A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has an open redirect vulnerability.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0039",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac-f",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43950",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.2",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43950",
         },
      ],
   },
   cve: "CVE-2022-43950",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-43950",
                  impactScore: 1.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-43950",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202305-190",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43950",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, \r\n 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability due to an open redirection vulnerability",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43950",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
         {
            db: "VULMON",
            id: "CVE-2022-43950",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-43950",
            trust: 1.7,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-43950",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-43950",
         },
         {
            db: "NVD",
            id: "CVE-2022-43950",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
   },
   id: "VAR-202305-0039",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-05-12T22:56:32.886000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Fortinet FortiNAC Enter the fix for the verification error vulnerability",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237180",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-601",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43950",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-22-407",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-43950/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-43950",
         },
         {
            db: "NVD",
            id: "CVE-2022-43950",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-43950",
         },
         {
            db: "NVD",
            id: "CVE-2022-43950",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-03T00:00:00",
            db: "VULMON",
            id: "CVE-2022-43950",
         },
         {
            date: "2023-05-03T22:15:00",
            db: "NVD",
            id: "CVE-2022-43950",
         },
         {
            date: "2023-05-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-04T00:00:00",
            db: "VULMON",
            id: "CVE-2022-43950",
         },
         {
            date: "2023-05-11T17:51:00",
            db: "NVD",
            id: "CVE-2022-43950",
         },
         {
            date: "2023-05-12T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Input validation error vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-190",
         },
      ],
      trust: 0.6,
   },
}

var-202009-0095
Vulnerability from variot

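An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the UserID of Admin Users. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. FortiNAC 8.7.2 and earlier versions have cross-site scripting vulnerabilities. Note: the sources aggregated in this entry disagree on the version boundary. The first sentence says "before 8.7.2", the last says "8.7.2 and earlier", and the affected_products data below lists versions lower than 8.7.3. Confirm the fixed release against the vendor advisory (FG-IR-20-002) before treating an 8.7.2 installation as patched.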



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0095",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.3",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-12816",
         },
      ],
   },
   cve: "CVE-2020-12816",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-12816",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-165532",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  id: "CVE-2020-12816",
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-12816",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202009-1378",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-165532",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-165532",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
         {
            db: "NVD",
            id: "CVE-2020-12816",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortiNAC 8.7.2 and earlier versions have cross-site scripting vulnerabilities",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-12816",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
         {
            db: "VULHUB",
            id: "VHN-165532",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-12816",
            trust: 1.7,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.3261",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-57049",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-165532",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-165532",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
         {
            db: "NVD",
            id: "CVE-2020-12816",
         },
      ],
   },
   id: "VAR-202009-0095",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-165532",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T22:25:22.731000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129749",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-165532",
         },
         {
            db: "NVD",
            id: "CVE-2020-12816",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/advisory/fg-ir-20-002",
         },
         {
            trust: 1.6,
            url: "https://www.fortiguard.com/psirt/fg-ir-20-002",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.3261/",
         },
         {
            trust: 0.6,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-12816",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-165532",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
         {
            db: "NVD",
            id: "CVE-2020-12816",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-165532",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
         {
            db: "NVD",
            id: "CVE-2020-12816",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-09-24T00:00:00",
            db: "VULHUB",
            id: "VHN-165532",
         },
         {
            date: "2020-09-24T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
         {
            date: "2020-09-24T15:15:13.093000",
            db: "NVD",
            id: "CVE-2020-12816",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-09-30T00:00:00",
            db: "VULHUB",
            id: "VHN-165532",
         },
         {
            date: "2020-10-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
         {
            date: "2024-11-21T05:00:19.927000",
            db: "NVD",
            id: "CVE-2020-12816",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Cross-site scripting vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202009-1378",
         },
      ],
      trust: 0.6,
   },
}

var-202306-1251
Vulnerability from variot

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized JSP calls via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from an access control flaw. The following versions are affected: versions 9.4.2 and earlier, versions 9.2.7 and earlier, all versions 9.1, all versions 8.8, all versions 8.7, all versions 8.6, and all versions 8.5. Note: the affected_products and CPE match data below mark the 9.2 branch as vulnerable through 9.2.8, one release later than the "9.2.7 and below" given in this text, so verify the fixed 9.2.x release against the vendor advisory before treating 9.2.8 as patched.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202306-1251",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.10",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.8",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.1",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.5",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39946",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.6.5",
                        versionStartIncluding: "8.6.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.8.11",
                        versionStartIncluding: "8.8.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.7.6",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.5.4",
                        versionStartIncluding: "8.5.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.1.10",
                        versionStartIncluding: "9.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.2.8",
                        versionStartIncluding: "9.2.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39946",
         },
      ],
   },
   cve: "CVE-2022-39946",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  id: "CVE-2022-39946",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-39946",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202306-896",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39946",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from an access control flaw. The following versions are affected: versions 9.4.2 and earlier, versions 9.2.7 and earlier, all versions 9.1, all versions 8.8, all versions 8.7, all versions 8.6, and all versions 8.5",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39946",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
      trust: 1.44,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-39946",
            trust: 1.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-896",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39946",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
   },
   id: "VAR-202306-1251",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-06-19T22:37:26.978000Z",
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-Other",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39946",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://fortiguard.com/psirt/fg-ir-22-332",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-39946/",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39946",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-39946",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-06-13T09:15:00",
            db: "NVD",
            id: "CVE-2022-39946",
         },
         {
            date: "2023-06-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-06-16T18:40:00",
            db: "NVD",
            id: "CVE-2022-39946",
         },
         {
            date: "2023-06-19T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Security hole",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-896",
         },
      ],
      trust: 0.6,
   },
}

var-202302-1269
Vulnerability from variot

An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. Fortinet's FortiNAC and FortiNAC-F contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1269",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.7",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac-f",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "-f 7.2.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.2.0  that's all  9.2.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.0  that's all  9.4.2",
         },
         {
            model: "fortinac-f",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "7.2.0",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            db: "NVD",
            id: "CVE-2022-38375",
         },
      ],
   },
   cve: "CVE-2022-38375",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-38375",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@fortinet.com",
                  availabilityImpact: "HIGH",
                  baseScore: 9.1,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-38375",
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-38375",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-38375",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2022-38375",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-38375",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-1440",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1440",
         },
         {
            db: "NVD",
            id: "CVE-2022-38375",
         },
         {
            db: "NVD",
            id: "CVE-2022-38375",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. Fortinet's FortiNAC and FortiNAC-F contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-38375",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            db: "VULHUB",
            id: "VHN-434169",
         },
         {
            db: "VULMON",
            id: "CVE-2022-38375",
         },
      ],
      trust: 1.8,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-38375",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1440",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-434169",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-38375",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-434169",
         },
         {
            db: "VULMON",
            id: "CVE-2022-38375",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1440",
         },
         {
            db: "NVD",
            id: "CVE-2022-38375",
         },
      ],
   },
   id: "VAR-202302-1269",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-434169",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T14:30:44.572000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-329",
            trust: 0.8,
            url: "https://fortiguard.com/psirt/FG-IR-22-329",
         },
         {
            title: "Fortinet FortiNAC Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226809",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1440",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-285",
            trust: 1,
         },
         {
            problemtype: "NVD-CWE-Other",
            trust: 1,
         },
         {
            problemtype: "others (CWE-Other) [NVD evaluation ]",
            trust: 0.8,
         },
         {
            problemtype: "CWE-863",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-434169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            db: "NVD",
            id: "CVE-2022-38375",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-329",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-38375",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-38375/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-434169",
         },
         {
            db: "VULMON",
            id: "CVE-2022-38375",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1440",
         },
         {
            db: "NVD",
            id: "CVE-2022-38375",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-434169",
         },
         {
            db: "VULMON",
            id: "CVE-2022-38375",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1440",
         },
         {
            db: "NVD",
            id: "CVE-2022-38375",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-16T00:00:00",
            db: "VULHUB",
            id: "VHN-434169",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-38375",
         },
         {
            date: "2023-10-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1440",
         },
         {
            date: "2023-02-16T19:15:12.797000",
            db: "NVD",
            id: "CVE-2022-38375",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-24T00:00:00",
            db: "VULHUB",
            id: "VHN-434169",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-38375",
         },
         {
            date: "2023-10-30T07:28:00",
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
         {
            date: "2023-02-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1440",
         },
         {
            date: "2023-11-07T03:50:06.460000",
            db: "NVD",
            id: "CVE-2022-38375",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1440",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in Fortinet's FortiNAC and FortiNAC-F",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004465",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1440",
         },
      ],
      trust: 0.6,
   },
}

var-202207-0114
Vulnerability from variot

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirement vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from the fact that the root account accessing the MySQL database does not have a password set by default and allows connections from localhost. An attacker can exploit this vulnerability to connect to a MySQL database as root. There is a security vulnerability in Fortinet FortiNAC.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0114",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.4",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.2",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.5",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.2",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.6",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.8.11  and earlier",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.1.5  and earlier",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.7.6  and earlier",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.2.3  and earlier",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.3.7  and earlier",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.5.2  and earlier",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.6.5  and earlier",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            db: "NVD",
            id: "CVE-2022-26117",
         },
      ],
   },
   cve: "CVE-2022-26117",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-26117",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "OTHER",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2022-015258",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-26117",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2022-26117",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "OTHER",
                  id: "JVNDB-2022-015258",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202207-383",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
         {
            db: "NVD",
            id: "CVE-2022-26117",
         },
         {
            db: "NVD",
            id: "CVE-2022-26117",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirements vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from the fact that the root account accessing the MySQL database does not have a password set by default and allows connections from localhost. An attacker exploited this vulnerability to connect to a MySQL database as root. There is a security vulnerability in Fortinet FortiNAC",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-26117",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
         {
            db: "VULHUB",
            id: "VHN-416878",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-26117",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-383",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.3268",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2022070529",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-416878",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-416878",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
         {
            db: "NVD",
            id: "CVE-2022-26117",
         },
      ],
   },
   id: "VAR-202207-0114",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-416878",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T15:21:45.915000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-058",
            trust: 0.8,
            url: "https://www.fortiguard.com/psirt/FG-IR-22-058",
         },
         {
            title: "Fortinet FortiNAC Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=201341",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-521",
            trust: 1.1,
         },
         {
            problemtype: "Weak password request (CWE-521) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-416878",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            db: "NVD",
            id: "CVE-2022-26117",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-22-058",
         },
         {
            trust: 1.7,
            url: "https://github.com/orangecertcc/security-research/security/advisories/ghsa-r259-5p5p-2q47",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-26117",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-26117/",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022070529",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.3268",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-416878",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
         {
            db: "NVD",
            id: "CVE-2022-26117",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-416878",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
         {
            db: "NVD",
            id: "CVE-2022-26117",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-18T00:00:00",
            db: "VULHUB",
            id: "VHN-416878",
         },
         {
            date: "2023-09-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            date: "2022-07-05T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
         {
            date: "2022-07-18T18:15:09.017000",
            db: "NVD",
            id: "CVE-2022-26117",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-16T00:00:00",
            db: "VULHUB",
            id: "VHN-416878",
         },
         {
            date: "2023-09-26T05:07:00",
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
         {
            date: "2023-02-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
         {
            date: "2023-02-16T19:28:48.090000",
            db: "NVD",
            id: "CVE-2022-26117",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Weak password requirements vulnerability in FortiNAC",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015258",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-383",
         },
      ],
      trust: 0.6,
   },
}

var-202112-0384
Vulnerability from variot

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. An unspecified vulnerability exists in FortiNAC. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC 8.8.8 and earlier versions and 9.1.2 and earlier versions have security vulnerabilities.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0384",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.1",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.3",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.4",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.2",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.8",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.1",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.2",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.7",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.1.2  and earlier",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.8.8  and earlier",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            db: "NVD",
            id: "CVE-2021-41021",
         },
      ],
   },
   cve: "CVE-2021-41021",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.2,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-41021",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 1.8,
                  vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.2,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.9,
                  id: "VHN-402293",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 6.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 0.8,
                  id: "CVE-2021-41021",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "psirt@fortinet.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2021-41021",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 6.7,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-41021",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-41021",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2021-41021",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-41021",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-696",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-402293",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-402293",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
         {
            db: "NVD",
            id: "CVE-2021-41021",
         },
         {
            db: "NVD",
            id: "CVE-2021-41021",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. An unspecified vulnerability exists in FortiNAC. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC 8.8.8 and earlier versions and 9.1.2 and earlier versions have security vulnerabilities",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-41021",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
         {
            db: "VULHUB",
            id: "VHN-402293",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-41021",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-696",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2022-19076",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-402293",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-402293",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
         {
            db: "NVD",
            id: "CVE-2021-41021",
         },
      ],
   },
   id: "VAR-202112-0384",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-402293",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T21:50:50.739000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-21-182",
            trust: 0.8,
            url: "https://www.fortiguard.com/psirt/FG-IR-21-182",
         },
         {
            title: "Fortinet FortiNAC Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174991",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]",
            trust: 0.8,
         },
         {
            problemtype: "CWE-269",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-402293",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            db: "NVD",
            id: "CVE-2021-41021",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/advisory/fg-ir-21-182",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-41021",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-402293",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
         {
            db: "NVD",
            id: "CVE-2021-41021",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-402293",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
         {
            db: "NVD",
            id: "CVE-2021-41021",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-08T00:00:00",
            db: "VULHUB",
            id: "VHN-402293",
         },
         {
            date: "2022-12-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            date: "2021-12-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
         {
            date: "2021-12-08T18:15:18.547000",
            db: "NVD",
            id: "CVE-2021-41021",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-12T00:00:00",
            db: "VULHUB",
            id: "VHN-402293",
         },
         {
            date: "2022-12-05T07:57:00",
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
         {
            date: "2022-07-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
         {
            date: "2024-11-21T06:25:16.950000",
            db: "NVD",
            id: "CVE-2021-41021",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "FortiNAC  Vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016056",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-696",
         },
      ],
      trust: 0.6,
   },
}

var-202105-0663
Vulnerability from variot

A privilege escalation vulnerability in FortiNAC versions below 8.8.2 may allow an admin user to escalate privileges to root by abusing the sudo privileges. FortiNAC contains a privilege management vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. FortiNAC has permissions and access control vulnerabilities. The vulnerabilities stem from the incorrect application of security restrictions. This vulnerability allows remote users to elevate privileges on the system. The following products and versions are affected: FortiNAC: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.7.0, 8.7.1, 8.7.2, 8.7.4, 8.7.5, 8.7.6, 8.8.0, 8.8.1. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202105-0663",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.2",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.8.2",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            db: "NVD",
            id: "CVE-2021-24011",
         },
      ],
   },
   cve: "CVE-2021-24011",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "COMPLETE",
                  baseScore: 9,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 8,
                  id: "CVE-2021-24011",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 9,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 8,
                  id: "VHN-382729",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  id: "CVE-2021-24011",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT",
                  author: "psirt@fortinet.com",
                  availabilityImpact: "LOW",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  id: "CVE-2021-24011",
                  impactScore: 3.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.2,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-24011",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-24011",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2021-24011",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-24011",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202105-180",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-382729",
                  trust: 0.1,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-24011",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-382729",
         },
         {
            db: "VULMON",
            id: "CVE-2021-24011",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-24011",
         },
         {
            db: "NVD",
            id: "CVE-2021-24011",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A privilege escalation vulnerability in FortiNAC versions below 8.8.2 may allow an admin user to escalate privileges to root by abusing the sudo privileges. FortiNAC contains a privilege management vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortiNAC has permissions and access control vulnerabilities. The vulnerabilities stem from the incorrect application of security restrictions. This vulnerability allows remote users to elevate privileges on the system. The following products and versions are affected: FortiNAC: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.7.0, 8.7.1, 8.7.2, 8.7.4, 8.7.5, 8.7.6, 8.8.0, 8.8.1. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-24011",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-382729",
         },
         {
            db: "VULMON",
            id: "CVE-2021-24011",
         },
      ],
      trust: 2.88,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-24011",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
            trust: 0.8,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.1510",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021050506",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-180",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-382729",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2021-24011",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-382729",
         },
         {
            db: "VULMON",
            id: "CVE-2021-24011",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-24011",
         },
      ],
   },
   id: "VAR-202105-0663",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-382729",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T12:07:14.793000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-20-038",
            trust: 0.8,
            url: "https://www.fortiguard.com/psirt/FG-IR-20-038",
         },
         {
            title: "Fortinet FortiNAC Fixes for permissions and access control issues vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151200",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Improper authority management (CWE-269) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            db: "NVD",
            id: "CVE-2021-24011",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/advisory/fg-ir-20-038",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-24011",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.1510",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021050506",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/269.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-382729",
         },
         {
            db: "VULMON",
            id: "CVE-2021-24011",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-24011",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-382729",
         },
         {
            db: "VULMON",
            id: "CVE-2021-24011",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-24011",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-05-10T00:00:00",
            db: "VULHUB",
            id: "VHN-382729",
         },
         {
            date: "2021-05-10T00:00:00",
            db: "VULMON",
            id: "CVE-2021-24011",
         },
         {
            date: "2022-01-20T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            date: "2021-05-05T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2021-05-10T12:15:07.640000",
            db: "NVD",
            id: "CVE-2021-24011",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-03T00:00:00",
            db: "VULHUB",
            id: "VHN-382729",
         },
         {
            date: "2021-05-19T00:00:00",
            db: "VULMON",
            id: "CVE-2021-24011",
         },
         {
            date: "2022-01-20T07:25:00",
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
         {
            date: "2022-05-05T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2022-05-03T16:04:40.443000",
            db: "NVD",
            id: "CVE-2021-24011",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "FortiNAC  Vulnerability in privilege management",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-006797",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "permissions and access control issues",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202105-180",
         },
      ],
      trust: 0.6,
   },
}

var-202302-1353
Vulnerability from variot

An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. Fortinet's FortiNAC and FortiNAC-F contain an XML external entity vulnerability. Information may be obtained and service operation may be interrupted (DoS).



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1353",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac-f",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.7",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: null,
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac-f",
            scope: null,
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            db: "NVD",
            id: "CVE-2022-39954",
         },
      ],
   },
   cve: "CVE-2022-39954",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.1,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-39954",
                  impactScore: 5.2,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@fortinet.com",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-39954",
                  impactScore: 3.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.1,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-39954",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-39954",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2022-39954",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-39954",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-1435",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1435",
         },
         {
            db: "NVD",
            id: "CVE-2022-39954",
         },
         {
            db: "NVD",
            id: "CVE-2022-39954",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. Fortinet's FortiNAC and FortiNAC-F contain an XML external entity vulnerability. Information may be obtained and service operation may be interrupted (DoS).",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39954",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            db: "VULHUB",
            id: "VHN-435751",
         },
         {
            db: "VULMON",
            id: "CVE-2022-39954",
         },
      ],
      trust: 1.8,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-39954",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
            trust: 0.8,
         },
         {
            db: "AUSCERT",
            id: "ESB-2023.1054",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1435",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-435751",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-39954",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-435751",
         },
         {
            db: "VULMON",
            id: "CVE-2022-39954",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1435",
         },
         {
            db: "NVD",
            id: "CVE-2022-39954",
         },
      ],
   },
   id: "VAR-202302-1353",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-435751",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T14:30:44.521000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-304",
            trust: 0.8,
            url: "https://www.fortiguard.com/psirt/FG-IR-22-304",
         },
         {
            title: "Fortinet FortiNAC Fixes for code issue vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226975",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1435",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-611",
            trust: 1.1,
         },
         {
            problemtype: "Improper restriction of XML external entity reference (CWE-611) [NVD evaluation]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-435751",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            db: "NVD",
            id: "CVE-2022-39954",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-304",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-39954",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-39954/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2023.1054",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-435751",
         },
         {
            db: "VULMON",
            id: "CVE-2022-39954",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1435",
         },
         {
            db: "NVD",
            id: "CVE-2022-39954",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-435751",
         },
         {
            db: "VULMON",
            id: "CVE-2022-39954",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1435",
         },
         {
            db: "NVD",
            id: "CVE-2022-39954",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-16T00:00:00",
            db: "VULHUB",
            id: "VHN-435751",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-39954",
         },
         {
            date: "2023-10-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1435",
         },
         {
            date: "2023-02-16T19:15:13.120000",
            db: "NVD",
            id: "CVE-2022-39954",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-27T00:00:00",
            db: "VULHUB",
            id: "VHN-435751",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-39954",
         },
         {
            date: "2023-10-30T01:08:00",
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
         {
            date: "2023-02-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1435",
         },
         {
            date: "2023-11-07T03:50:41.493000",
            db: "NVD",
            id: "CVE-2022-39954",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1435",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XML external entity vulnerability in Fortinet's FortiNAC and FortiNAC-F",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019900",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "code problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1435",
         },
      ],
      trust: 0.6,
   },
}

var-202304-0865
Vulnerability from variot

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0865",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.7",
         },
         {
            model: "fortinac-f",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43951",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "7.2.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.2",
                        versionStartIncluding: "9.4.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.2.7",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43951",
         },
      ],
   },
   cve: "CVE-2022-43951",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-43951",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-43951",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202304-761",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43951",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43951",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
      trust: 1.44,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-43951",
            trust: 1.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43951",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
   },
   id: "VAR-202304-0865",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-04-22T22:48:30.984000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FortiNAC Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234182",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43951",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://fortiguard.com/psirt/fg-ir-22-409",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-43951/",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-43951",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-43951",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-11T17:15:00",
            db: "NVD",
            id: "CVE-2022-43951",
         },
         {
            date: "2023-04-11T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-18T19:27:00",
            db: "NVD",
            id: "CVE-2022-43951",
         },
         {
            date: "2023-04-19T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "FortiNAC Security hole",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-761",
         },
      ],
      trust: 0.6,
   },
}

var-202306-1795
Vulnerability from variot

A deserialization of untrusted data vulnerability in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note: FortiNAC versions 8.x will not be fixed. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202306-1795",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.9",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.7",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.1",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.5",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.1",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-33299",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.6.5",
                        versionStartIncluding: "8.6.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.8.11",
                        versionStartIncluding: "8.8.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.7.6",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.5.4",
                        versionStartIncluding: "8.5.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.2.7",
                        versionStartIncluding: "9.2.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.1.9",
                        versionStartIncluding: "9.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:7.2.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-33299",
         },
      ],
   },
   cve: "CVE-2023-33299",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2023-33299",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-33299",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202306-1663",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-33299",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-33299",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
         {
            db: "VULMON",
            id: "CVE-2023-33299",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-33299",
            trust: 1.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2023.3637",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-33299",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-33299",
         },
         {
            db: "NVD",
            id: "CVE-2023-33299",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
   },
   id: "VAR-202306-1795",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-07-04T22:27:30.586000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Fortinet FortiNAC Fixes for code issue vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=244239",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-502",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-33299",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-23-074",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2023.3637",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-33299/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-33299",
         },
         {
            db: "NVD",
            id: "CVE-2023-33299",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-33299",
         },
         {
            db: "NVD",
            id: "CVE-2023-33299",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-06-23T00:00:00",
            db: "VULMON",
            id: "CVE-2023-33299",
         },
         {
            date: "2023-06-23T08:15:00",
            db: "NVD",
            id: "CVE-2023-33299",
         },
         {
            date: "2023-06-23T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-06-23T00:00:00",
            db: "VULMON",
            id: "CVE-2023-33299",
         },
         {
            date: "2023-07-03T18:59:00",
            db: "NVD",
            id: "CVE-2023-33299",
         },
         {
            date: "2023-07-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Code problem vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "code problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-1663",
         },
      ],
      trust: 0.6,
   },
}

var-202303-0444
Vulnerability from variot

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. A cross-site scripting vulnerability exists in Fortinet's FortiNAC. Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202303-0444",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.5",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.5",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.8",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.5.0  to  8.5.4",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.7.0  to  8.7.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.1.0  to  9.1.8",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.2.0  to  9.2.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.6.0  to  8.6.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.8.0  to  8.8.11",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            db: "NVD",
            id: "CVE-2022-40676",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.6.5",
                        versionStartIncluding: "8.6.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.8.11",
                        versionStartIncluding: "8.8.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.7.6",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.2.5",
                        versionStartIncluding: "9.2.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.5.4",
                        versionStartIncluding: "8.5.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.1.8",
                        versionStartIncluding: "9.1.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-40676",
         },
      ],
   },
   cve: "CVE-2022-40676",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.3,
                  id: "CVE-2022-40676",
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.4,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2022-40676",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "Low",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-40676",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202303-493",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
         {
            db: "NVD",
            id: "CVE-2022-40676",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. fortinet's FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-40676",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40676",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-40676",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-493",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-40676",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-40676",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
         {
            db: "NVD",
            id: "CVE-2022-40676",
         },
      ],
   },
   id: "VAR-202303-0444",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-11-07T22:54:39.500000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-281",
            trust: 0.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-281",
         },
         {
            title: "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229004",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1,
         },
         {
            problemtype: "Cross-site scripting (CWE-79) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            db: "NVD",
            id: "CVE-2022-40676",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-22-281",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-40676",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-40676/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-40676",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
         {
            db: "NVD",
            id: "CVE-2022-40676",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-40676",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
         {
            db: "NVD",
            id: "CVE-2022-40676",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-03-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-40676",
         },
         {
            date: "2023-11-06T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            date: "2023-03-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
         {
            date: "2023-03-07T17:15:00",
            db: "NVD",
            id: "CVE-2022-40676",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-03-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-40676",
         },
         {
            date: "2023-11-06T07:30:00",
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
         {
            date: "2023-03-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
         {
            date: "2023-03-14T15:29:00",
            db: "NVD",
            id: "CVE-2022-40676",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "fortinet's  FortiNAC  Cross-site scripting vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020657",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202303-493",
         },
      ],
      trust: 0.6,
   },
}

var-202305-0103
Vulnerability from variot

A weak authentication vulnerability [CWE-1390] in the device registration page of FortiNAC-F version 7.2.0 and FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. The flaw stems from weak authentication in the device registration page.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0103",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.6",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac-f",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45860",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.2",
                        versionStartIncluding: "9.4.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.2.6",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45860",
         },
      ],
   },
   cve: "CVE-2022-45860",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-45860",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-45860",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202305-192",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45860",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from a weak authentication flaw in the device registration page",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45860",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
         {
            db: "VULMON",
            id: "CVE-2022-45860",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-45860",
            trust: 1.7,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-45860",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-45860",
         },
         {
            db: "NVD",
            id: "CVE-2022-45860",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
   },
   id: "VAR-202305-0103",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-05-12T22:47:38.454000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Fortinet FortiNAC Remediation measures for authorization problem vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237181",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-287",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45860",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-22-464",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-45860/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-45860",
         },
         {
            db: "NVD",
            id: "CVE-2022-45860",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-45860",
         },
         {
            db: "NVD",
            id: "CVE-2022-45860",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-03T00:00:00",
            db: "VULMON",
            id: "CVE-2022-45860",
         },
         {
            date: "2023-05-03T22:15:00",
            db: "NVD",
            id: "CVE-2022-45860",
         },
         {
            date: "2023-05-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-04T00:00:00",
            db: "VULMON",
            id: "CVE-2022-45860",
         },
         {
            date: "2023-05-11T17:48:00",
            db: "NVD",
            id: "CVE-2022-45860",
         },
         {
            date: "2023-05-12T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Authorization problem vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "authorization issue",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-192",
         },
      ],
      trust: 0.6,
   },
}

var-202302-1327
Vulnerability from variot

Several improper neutralization of input during web page generation vulnerabilities [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. A cross-site scripting vulnerability exists in Fortinet's FortiNAC. Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1327",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.5",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.7",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.9",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.1",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.6.0  to  8.6.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.2.0  to  9.2.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.1.0  to  9.1.9",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.7.0  to  8.7.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.1",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.5.0  to  8.5.4",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.8.0  to  8.8.11",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            db: "NVD",
            id: "CVE-2023-22638",
         },
      ],
   },
   cve: "CVE-2023-22638",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.3,
                  id: "CVE-2023-22638",
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "psirt@fortinet.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  id: "CVE-2023-22638",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.4,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2023-22638",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "Low",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2023-22638",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2023-22638",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2023-22638",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-1424",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
         {
            db: "NVD",
            id: "CVE-2023-22638",
         },
         {
            db: "NVD",
            id: "CVE-2023-22638",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC  9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. Fortinet's FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22638",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
         {
            db: "VULHUB",
            id: "VHN-450600",
         },
         {
            db: "VULMON",
            id: "CVE-2023-22638",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-22638",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
            trust: 0.8,
         },
         {
            db: "AUSCERT",
            id: "ESB-2023.1053",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1424",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-450600",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2023-22638",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-450600",
         },
         {
            db: "VULMON",
            id: "CVE-2023-22638",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
         {
            db: "NVD",
            id: "CVE-2023-22638",
         },
      ],
   },
   id: "VAR-202302-1327",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-450600",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T15:11:01.538000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-260",
            trust: 0.8,
            url: "https://www.fortiguard.com/psirt/FG-IR-22-260",
         },
         {
            title: "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226968",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1.1,
         },
         {
            problemtype: "Cross-site scripting (CWE-79) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-450600",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            db: "NVD",
            id: "CVE-2023-22638",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-260",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-22638",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2023.1053",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-22638/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-450600",
         },
         {
            db: "VULMON",
            id: "CVE-2023-22638",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
         {
            db: "NVD",
            id: "CVE-2023-22638",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-450600",
         },
         {
            db: "VULMON",
            id: "CVE-2023-22638",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
         {
            db: "NVD",
            id: "CVE-2023-22638",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-16T00:00:00",
            db: "VULHUB",
            id: "VHN-450600",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2023-22638",
         },
         {
            date: "2023-10-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
         {
            date: "2023-02-16T19:15:13.977000",
            db: "NVD",
            id: "CVE-2023-22638",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-27T00:00:00",
            db: "VULHUB",
            id: "VHN-450600",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2023-22638",
         },
         {
            date: "2023-10-30T01:13:00",
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
         {
            date: "2023-02-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
         {
            date: "2023-11-07T04:07:11.260000",
            db: "NVD",
            id: "CVE-2023-22638",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cross-site scripting vulnerability in Fortinet's FortiNAC",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-004331",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1424",
         },
      ],
      trust: 0.6,
   },
}

var-202305-0133
Vulnerability from variot

An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from insufficiently protected credentials



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0133",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.8",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.7",
         },
         {
            model: "fortinac",
            scope: "lt",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.2",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac-f",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45859",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.2",
                        versionStartIncluding: "9.4.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.2.7",
                        versionStartIncluding: "9.2.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.1.8",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45859",
         },
      ],
   },
   cve: "CVE-2022-45859",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 0.8,
                  id: "CVE-2022-45859",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-45859",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202305-191",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45859",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from insufficiently protected credentials",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45859",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
         {
            db: "VULMON",
            id: "CVE-2022-45859",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-45859",
            trust: 1.7,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-45859",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-45859",
         },
         {
            db: "NVD",
            id: "CVE-2022-45859",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
   },
   id: "VAR-202305-0133",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-05-12T22:52:07.188000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Fortinet FortiNAC Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235765",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-522",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-45859",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-22-456",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-45859/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-45859",
         },
         {
            db: "NVD",
            id: "CVE-2022-45859",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-45859",
         },
         {
            db: "NVD",
            id: "CVE-2022-45859",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-03T00:00:00",
            db: "VULMON",
            id: "CVE-2022-45859",
         },
         {
            date: "2023-05-03T22:15:00",
            db: "NVD",
            id: "CVE-2022-45859",
         },
         {
            date: "2023-05-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-04T00:00:00",
            db: "VULMON",
            id: "CVE-2022-45859",
         },
         {
            date: "2023-05-11T17:48:00",
            db: "NVD",
            id: "CVE-2022-45859",
         },
         {
            date: "2023-05-12T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Security hole",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-191",
         },
      ],
      trust: 0.6,
   },
}

var-202302-1299
Vulnerability from variot

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted input parameters. Fortinet's FortiNAC contains an argument injection or modification vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from improper neutralization of parameters. The following versions are affected: 9.4.0, 9.2.0 to 9.2.5, 9.1.0 to 9.1.7, 8.8.0 to 8.8.11, 8.7.0 to 8.7.6, 8.6.0 to 8.6.5, 8.5.0 to 8.5.4, and 8.3.7.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1299",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.7",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.5",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.5",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.6.0  to  8.6.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.2.0  to  9.2.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.7.0  to  8.7.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.1.0  to  9.1.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.5.0  to  8.5.4",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.8.0  to  8.8.11",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            db: "NVD",
            id: "CVE-2022-40677",
         },
      ],
   },
   cve: "CVE-2022-40677",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-40677",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@fortinet.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  id: "CVE-2022-40677",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-40677",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-40677",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "psirt@fortinet.com",
                  id: "CVE-2022-40677",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-40677",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-1432",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
         {
            db: "NVD",
            id: "CVE-2022-40677",
         },
         {
            db: "NVD",
            id: "CVE-2022-40677",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. fortinet's FortiNAC Exists in a vulnerability in inserting or modifying arguments.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from improper neutralization of parameters. The following versions are affected: 9.4.0, 9.2.0 to 9.2.5, 9.1.0 to 9.1.7, 8.8.0 to 8.8.11, 8.7.0 to 8.7.6, Version 8.6.0 to version 8.6.5, version 8.5.0 to version 8.5.4, version 8.3.7",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-40677",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
         {
            db: "VULHUB",
            id: "VHN-436490",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40677",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-40677",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1432",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-436490",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-40677",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436490",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40677",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
         {
            db: "NVD",
            id: "CVE-2022-40677",
         },
      ],
   },
   id: "VAR-202302-1299",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436490",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T15:37:08.480000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-280",
            trust: 0.8,
            url: "https://www.fortiguard.com/psirt/FG-IR-22-280",
         },
         {
            title: "Fortinet FortiNAC Repair measures for parameter injection vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226974",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-88",
            trust: 1.1,
         },
         {
            problemtype: "Insert or change arguments (CWE-88) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436490",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            db: "NVD",
            id: "CVE-2022-40677",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-280",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-40677",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-40677/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-436490",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40677",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
         {
            db: "NVD",
            id: "CVE-2022-40677",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-436490",
         },
         {
            db: "VULMON",
            id: "CVE-2022-40677",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
         {
            db: "NVD",
            id: "CVE-2022-40677",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-16T00:00:00",
            db: "VULHUB",
            id: "VHN-436490",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-40677",
         },
         {
            date: "2023-10-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
         {
            date: "2023-02-16T19:15:13.250000",
            db: "NVD",
            id: "CVE-2022-40677",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-27T00:00:00",
            db: "VULHUB",
            id: "VHN-436490",
         },
         {
            date: "2023-02-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-40677",
         },
         {
            date: "2023-10-30T01:06:00",
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
         {
            date: "2023-02-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
         {
            date: "2023-11-07T03:52:34.873000",
            db: "NVD",
            id: "CVE-2022-40677",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "fortinet's  FortiNAC  Vulnerability in inserting or changing arguments in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-019899",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "parameter injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-1432",
         },
      ],
      trust: 0.6,
   },
}

var-202306-1039
Vulnerability from variot

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, and 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from improper permissions, privileges, and access controls.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202306-1039",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.1",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.8",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.6",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac-f",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "7.2.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22633",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.8.11",
                        versionStartIncluding: "8.8.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.7.6",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.1.8",
                        versionStartIncluding: "9.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.2.6",
                        versionStartIncluding: "9.2.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22633",
         },
      ],
   },
   cve: "CVE-2023-22633",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2023-22633",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-22633",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202306-889",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22633",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security flaw that stems from improper permissions, privileges, and access control flaws",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22633",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
      trust: 1.44,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-22633",
            trust: 1.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-889",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22633",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
   },
   id: "VAR-202306-1039",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-06-19T22:49:05.461000Z",
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-Other",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22633",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://fortiguard.com/psirt/fg-ir-22-521",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-22633/",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-22633",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-22633",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-06-13T09:15:00",
            db: "NVD",
            id: "CVE-2023-22633",
         },
         {
            date: "2023-06-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-06-17T01:40:00",
            db: "NVD",
            id: "CVE-2023-22633",
         },
         {
            date: "2023-06-19T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fortinet FortiNAC Security hole",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202306-889",
         },
      ],
      trust: 0.6,
   },
}

var-202303-0336
Vulnerability from variot

An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, and FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands. Fortinet's FortiNAC contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from improper privilege management.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202303-0336",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.8.11",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.1",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.4",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.5",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.2.6",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.0",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.5.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "9.1.8",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 1,
            vendor: "fortinet",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "gte",
            trust: 1,
            vendor: "fortinet",
            version: "8.6.0",
         },
         {
            model: "fortinac",
            scope: "lte",
            trust: 1,
            vendor: "fortinet",
            version: "8.7.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.3.7",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.5.0  to  8.5.4",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.7.0  to  8.7.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.1.0  to  9.1.8",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.0",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.4.1",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: null,
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "9.2.0  to  9.2.6",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.6.0  to  8.6.5",
         },
         {
            model: "fortinac",
            scope: "eq",
            trust: 0.8,
            vendor: "フォーティネット",
            version: "8.8.0  to  8.8.11",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            db: "NVD",
            id: "CVE-2022-39953",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.6.5",
                        versionStartIncluding: "8.6.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.8.11",
                        versionStartIncluding: "8.8.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.7.6",
                        versionStartIncluding: "8.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.5.4",
                        versionStartIncluding: "8.5.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.1.8",
                        versionStartIncluding: "9.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.2.6",
                        versionStartIncluding: "9.2.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39953",
         },
      ],
   },
   cve: "CVE-2022-39953",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2022-39953",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-39953",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-39953",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202303-495",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
         {
            db: "NVD",
            id: "CVE-2022-39953",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, and FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands. Fortinet's FortiNAC contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from improper privilege management",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-39953",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
         {
            db: "VULMON",
            id: "CVE-2022-39953",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-39953",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-495",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-39953",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-39953",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
         {
            db: "NVD",
            id: "CVE-2022-39953",
         },
      ],
   },
   id: "VAR-202303-0336",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.1625,
   },
   last_update_date: "2023-11-07T22:26:46.528000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "FG-IR-22-309",
            trust: 0.8,
            url: "https://fortiguard.com/psirt/fg-ir-22-309",
         },
         {
            title: "Fortinet FortiNAC Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229005",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-269",
            trust: 1,
         },
         {
            problemtype: "Improper authority management (CWE-269) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            db: "NVD",
            id: "CVE-2022-39953",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://fortiguard.com/psirt/fg-ir-22-309",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-39953",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-39953/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-39953",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
         {
            db: "NVD",
            id: "CVE-2022-39953",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-39953",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
         {
            db: "NVD",
            id: "CVE-2022-39953",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-03-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-39953",
         },
         {
            date: "2023-11-06T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            date: "2023-03-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
         {
            date: "2023-03-07T17:15:00",
            db: "NVD",
            id: "CVE-2022-39953",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-03-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-39953",
         },
         {
            date: "2023-11-06T07:34:00",
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
         {
            date: "2023-03-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
         {
            date: "2023-03-14T15:51:00",
            db: "NVD",
            id: "CVE-2022-39953",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "fortinet's  FortiNAC  Vulnerability in privilege management in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-020658",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202303-495",
         },
      ],
      trust: 0.6,
   },
}

cve-2022-26117
Vulnerability from cvelistv5
Published
2022-07-18 00:00
Modified
2024-10-25 13:31
Summary
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.
Impacted products
Vendor Product Version
Fortinet Fortinet FortiNAC Version: FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:56:37.812Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-058",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-26117",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:12:35.607605Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-25T13:31:44.796Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Fortinet FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "PROOF_OF_CONCEPT",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  remediationLevel: "NOT_DEFINED",
                  reportConfidence: "REASONABLE",
                  scope: "UNCHANGED",
                  temporalScore: 8,
                  temporalSeverity: "HIGH",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-30T00:00:00",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47",
            },
            {
               url: "https://fortiguard.com/psirt/FG-IR-22-058",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-26117",
      datePublished: "2022-07-18T00:00:00",
      dateReserved: "2022-02-25T00:00:00",
      dateUpdated: "2024-10-25T13:31:44.796Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-38376
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-22 20:49
Summary
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allow an attacker to perform an XSS attack via crafted HTTP requests.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 ≤ 9.4.1
Version: 9.2.0 ≤ 9.2.7
Version: 9.1.0 ≤ 9.1.8
Version: 8.8.0 ≤ 8.8.11
Version: 8.7.0 ≤ 8.7.6
Version: 8.6.0 ≤ 8.6.5
Version: 8.5.0 ≤ 8.5.4
Version: 8.3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:54:03.638Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-273",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-273",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-38376",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-22T20:18:36.971265Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-22T20:49:55.702Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.7",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.8",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-16T18:06:24.667Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-273",
               url: "https://fortiguard.com/psirt/FG-IR-22-273",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-38376",
      datePublished: "2023-02-16T18:06:24.667Z",
      dateReserved: "2022-08-16T14:17:48.479Z",
      dateUpdated: "2024-10-22T20:49:55.702Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-43065
Vulnerability from cvelistv5
Published
2021-12-09 09:15
Modified
2024-10-25 13:37
Summary
An incorrect permission assignment for a critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data.
Impacted products
Vendor Product Version
Fortinet Fortinet FortiNAC Version: FortiNAC 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:47:13.400Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/advisory/FG-IR-21-178",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-43065",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:13:03.364281Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-25T13:37:33.111Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Fortinet FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "FortiNAC 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "FUNCTIONAL",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  remediationLevel: "NOT_DEFINED",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 7.6,
                  temporalSeverity: "HIGH",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Escalation of privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-22T19:51:15",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://fortiguard.com/advisory/FG-IR-21-178",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@fortinet.com",
               ID: "CVE-2021-43065",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Fortinet FortiNAC",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "FortiNAC 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Fortinet",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  availabilityImpact: "High",
                  baseScore: 7.6,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  userInteraction: "None",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Escalation of privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://fortiguard.com/advisory/FG-IR-21-178",
                     refsource: "CONFIRM",
                     url: "https://fortiguard.com/advisory/FG-IR-21-178",
                  },
                  {
                     name: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h",
                     refsource: "MISC",
                     url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2021-43065",
      datePublished: "2021-12-09T09:15:04",
      dateReserved: "2021-10-28T00:00:00",
      dateUpdated: "2024-10-25T13:37:33.111Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45858
Vulnerability from cvelistv5
Published
2023-05-03 21:26
Modified
2024-10-22 20:46
Summary
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker gaining access to sensitive information or performing man-in-the-middle attacks.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 ≤ 9.4.1
Version: 9.2.0 ≤ 9.2.6
Version: 9.1.0 ≤ 9.1.9
Version: 8.8.0 ≤ 8.8.11
Version: 8.7.0 ≤ 8.7.6
Version: 7.2.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:24:02.964Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-452",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-452",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-45858",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-22T20:18:05.923955Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-22T20:46:24.743Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.6",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.9",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "7.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.8,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-327",
                     description: "Improper access control",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T21:26:54.032Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-452",
               url: "https://fortiguard.com/psirt/FG-IR-22-452",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-45858",
      datePublished: "2023-05-03T21:26:54.032Z",
      dateReserved: "2022-11-23T14:57:05.612Z",
      dateUpdated: "2024-10-22T20:46:24.743Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-39946
Vulnerability from cvelistv5
Published
2023-06-13 08:41
Modified
2024-10-22 20:46
Summary
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 ≤ 9.4.1
Version: 9.2.0 ≤ 9.2.6
Version: 9.1.0 ≤ 9.1.10
Version: 8.8.0 ≤ 8.8.11
Version: 8.7.0 ≤ 8.7.6
Version: 8.6.0 ≤ 8.6.5
Version: 8.5.0 ≤ 8.5.4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:07:42.979Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-332",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-332",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-39946",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-22T20:18:04.710076Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-22T20:46:16.560Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.6",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.10",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:X/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "Improper access control",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-13T08:41:41.234Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-332",
               url: "https://fortiguard.com/psirt/FG-IR-22-332",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.3 or above\r\nPlease upgrade to FortiNAC version 9.2.8 or above\n ",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-39946",
      datePublished: "2023-06-13T08:41:41.234Z",
      dateReserved: "2022-09-05T13:11:35.552Z",
      dateUpdated: "2024-10-22T20:46:16.560Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-40675
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:32
Summary
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 ≤ 9.4.1
Version: 9.2.0 ≤ 9.2.7
Version: 9.1.0 ≤ 9.1.8
Version: 8.8.0 ≤ 8.8.11
Version: 8.7.0 ≤ 8.7.6
Version: 8.6.0 ≤ 8.6.5
Version: 8.5.0 ≤ 8.5.4
Version: 8.3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:21:46.371Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-312",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-312",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-40675",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:15:45.634338Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:32:50.215Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.7",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.8",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-310",
                     description: "Information disclosure",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-16T18:06:52.567Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-312",
               url: "https://fortiguard.com/psirt/FG-IR-22-312",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 7.2.0 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-40675",
      datePublished: "2023-02-16T18:06:52.567Z",
      dateReserved: "2022-09-14T13:17:43.616Z",
      dateUpdated: "2024-10-23T14:32:50.215Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-33299
Vulnerability from cvelistv5
Published
2023-06-23 07:46
Modified
2024-10-23 14:25
Summary
A deserialization of untrusted data vulnerability in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note: FortiNAC versions 8.x will not be fixed.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 through 9.4.2
Version: 9.2.0 through 9.2.7
Version: 9.1.0 through 9.1.9
Version: 8.8.0 through 8.8.11
Version: 8.7.0 through 8.7.6
Version: 8.6.0 through 8.6.5
Version: 8.5.0 through 8.5.4
Version: 8.3.7
Version: 7.2.0 through 7.2.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:39:36.130Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-23-074",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-23-074",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-33299",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:19:07.431174Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:25:53.423Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.2",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.7",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.9",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
                  {
                     lessThanOrEqual: "7.2.1",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.6,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-502",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-23T07:46:37.499Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-23-074",
               url: "https://fortiguard.com/psirt/FG-IR-23-074",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.3 or above Please upgrade to FortiNAC version 9.2.8 or above Please upgrade to FortiNAC version 9.1.10 or above Please upgrade to FortiNAC version 7.2.2 or above ",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2023-33299",
      datePublished: "2023-06-23T07:46:37.499Z",
      dateReserved: "2023-05-22T07:58:22.196Z",
      dateUpdated: "2024-10-23T14:25:53.423Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-40676
Vulnerability from cvelistv5
Published
2023-03-07 16:04
Modified
2024-10-23 14:31
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0
Version: 9.2.0 through 9.2.5
Version: 9.1.0 through 9.1.8
Version: 8.8.0 through 8.8.11
Version: 8.7.0 through 8.7.6
Version: 8.6.0 through 8.6.5
Version: 8.5.0 through 8.5.4
Version: 8.3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:21:46.367Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-281",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-281",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-40676",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:11:29.023466Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:31:22.301Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "9.4.0",
                  },
                  {
                     lessThanOrEqual: "9.2.5",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.8",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-03-07T16:04:55.119Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-281",
               url: "https://fortiguard.com/psirt/FG-IR-22-281",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.1 or above\r\nPlease upgrade to FortiNAC version 9.2.6 or above\r\nPlease upgrade to FortiNAC version 9.1.9 or above\r\nPlease upgrade to FortiNAC version 7.2.0 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-40676",
      datePublished: "2023-03-07T16:04:55.119Z",
      dateReserved: "2022-09-14T13:17:43.616Z",
      dateUpdated: "2024-10-23T14:31:22.301Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-26203
Vulnerability from cvelistv5
Published
2023-05-03 21:27
Modified
2024-10-23 14:27
Summary
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 through 9.4.1
Version: 9.2.0 through 9.2.7
Version: 9.1.0 through 9.1.9
Version: 8.8.0 through 8.8.11
Version: 8.7.0 through 8.7.6
Version: 7.2.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:39:06.592Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-520",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-520",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-26203",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:11:06.726078Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:27:47.396Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.7",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.9",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "7.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-798",
                     description: "Improper access control",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T21:27:00.343Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-520",
               url: "https://fortiguard.com/psirt/FG-IR-22-520",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.3 or above\r\nPlease upgrade to FortiNAC-F version 7.2.1 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2023-26203",
      datePublished: "2023-05-03T21:27:00.343Z",
      dateReserved: "2023-02-20T15:09:20.635Z",
      dateUpdated: "2024-10-23T14:27:47.396Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-33300
Vulnerability from cvelistv5
Published
2025-03-14 15:46
Modified
2025-03-14 17:24
Summary
An improper neutralization of special elements used in a command ('command injection') vulnerability in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows an attacker limited, unauthorized file access via a specifically crafted request to the inter-server communication port.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 through 9.4.3
Version: 7.2.0 through 7.2.1


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-33300",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-14T17:20:10.717955Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-14T17:24:11.918Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [],
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.3",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.2.1",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server  communication port.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-77",
                     description: "Improper access control",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-14T15:46:48.352Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-23-096",
               url: "https://fortiguard.com/psirt/FG-IR-23-096",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.2 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2023-33300",
      datePublished: "2025-03-14T15:46:48.352Z",
      dateReserved: "2023-05-22T07:58:22.196Z",
      dateUpdated: "2025-03-14T17:24:11.918Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-24011
Vulnerability from cvelistv5
Published
2021-05-10 11:43
Modified
2024-10-25 13:58
Summary
A privilege escalation vulnerability in FortiNAC versions below 8.8.2 may allow an admin user to escalate privileges to root by abusing sudo privileges.
References
https://fortiguard.com/advisory/FG-IR-20-038 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
Fortinet Fortinet FortiNAC Version: FortiNAC 8.8.1 and below


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:10.058Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/advisory/FG-IR-20-038",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-24011",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T13:58:53.523155Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-25T13:58:57.729Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Fortinet FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "FortiNAC 8.8.1 and below",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Escalation of privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-10T11:43:18",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://fortiguard.com/advisory/FG-IR-20-038",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@fortinet.com",
               ID: "CVE-2021-24011",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Fortinet FortiNAC",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "FortiNAC 8.8.1 and below",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Fortinet",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "Low",
                  attackVector: "Adjacent",
                  availabilityImpact: "Low",
                  baseScore: 6.2,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  userInteraction: "None",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Escalation of privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://fortiguard.com/advisory/FG-IR-20-038",
                     refsource: "CONFIRM",
                     url: "https://fortiguard.com/advisory/FG-IR-20-038",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2021-24011",
      datePublished: "2021-05-10T11:43:18",
      dateReserved: "2021-01-13T00:00:00",
      dateUpdated: "2024-10-25T13:58:57.729Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-39952
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:32
Summary
An external control of file name or path vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0
Version: 9.2.0 through 9.2.5
Version: 9.1.0 through 9.1.7
Version: 8.8.0 through 8.8.11
Version: 8.7.0 through 8.7.6
Version: 8.6.0 through 8.6.5
Version: 8.5.0 through 8.5.4
Version: 8.3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:07:42.912Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-300",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-300",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-39952",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:19:10.326522Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:32:41.984Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "9.4.0",
                  },
                  {
                     lessThanOrEqual: "9.2.5",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.7",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-73",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-16T18:06:55.108Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-300",
               url: "https://fortiguard.com/psirt/FG-IR-22-300",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.1 or above Please upgrade to FortiNAC version 9.2.6 or above Please upgrade to FortiNAC version 9.1.8 or above Please upgrade to FortiNAC version 7.2.0 or above ",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-39952",
      datePublished: "2023-02-16T18:06:55.108Z",
      dateReserved: "2022-09-05T13:11:35.553Z",
      dateUpdated: "2024-10-23T14:32:41.984Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-22633
Vulnerability from cvelistv5
Published
2023-06-13 08:41
Modified
2024-10-23 14:26
Summary
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 through 9.4.1
Version: 9.2.0 through 9.2.6
Version: 9.1.0 through 9.1.8
Version: 8.8.0 through 8.8.11
Version: 8.7.0 through 8.7.6
Version: 7.2.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:13:49.456Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-521",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-521",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-22633",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:15:36.164159Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:26:31.560Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.6",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.8",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "7.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:R",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-264",
                     description: "Denial of service",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-13T08:41:44.268Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-521",
               url: "https://fortiguard.com/psirt/FG-IR-22-521",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above\r\nPlease upgrade to FortiNAC version 9.1.9 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2023-22633",
      datePublished: "2023-06-13T08:41:44.268Z",
      dateReserved: "2023-01-05T10:06:31.521Z",
      dateUpdated: "2024-10-23T14:26:31.560Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-26116
Vulnerability from cvelistv5
Published
2022-05-11 07:20
Modified
2024-10-25 13:31
Summary
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters.
References
https://fortiguard.com/psirt/FG-IR-22-062 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
Fortinet Fortinet FortiNAC Version: FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:56:37.765Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-062",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-26116",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:12:37.375269Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-25T13:31:55.266Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Fortinet FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "PROOF_OF_CONCEPT",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  remediationLevel: "NOT_DEFINED",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 6.8,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-11T07:20:10",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://fortiguard.com/psirt/FG-IR-22-062",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@fortinet.com",
               ID: "CVE-2022-26116",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Fortinet FortiNAC",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below.",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Fortinet",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  availabilityImpact: "High",
                  baseScore: 6.8,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  integrityImpact: "High",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  userInteraction: "None",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Execute unauthorized code or commands",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://fortiguard.com/psirt/FG-IR-22-062",
                     refsource: "CONFIRM",
                     url: "https://fortiguard.com/psirt/FG-IR-22-062",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-26116",
      datePublished: "2022-05-11T07:20:10",
      dateReserved: "2022-02-25T00:00:00",
      dateUpdated: "2024-10-25T13:31:55.266Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-26206
Vulnerability from cvelistv5
Published
2024-02-15 13:59
Modified
2024-08-02 11:39
Summary
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 through 9.4.2
Version: 9.2.0 through 9.2.8
Version: 9.1.0 through 9.1.10
Version: 7.2.0


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-26206",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-03-05T19:50:54.521966Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:25:53.649Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:39:06.654Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-23-063",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-23-063",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.2",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.8",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.10",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "7.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-15T13:59:23.207Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-23-063",
               url: "https://fortiguard.com/psirt/FG-IR-23-063",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.3 or above \n",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2023-26206",
      datePublished: "2024-02-15T13:59:23.207Z",
      dateReserved: "2023-02-20T15:09:20.635Z",
      dateUpdated: "2024-08-02T11:39:06.654Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-22637
Vulnerability from cvelistv5
Published
2023-05-03 21:27
Modified
2024-10-23 14:27
Summary
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 through 9.4.2
Version: 9.2.0 through 9.2.7
Version: 9.1.0 through 9.1.9
Version: 8.8.0 through 8.8.11
Version: 8.7.0 through 8.7.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:13:49.469Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-23-013",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-23-013",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-22637",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:11:05.236636Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:27:38.847Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.2",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.7",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.9",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T21:27:03.507Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-23-013",
               url: "https://fortiguard.com/psirt/FG-IR-23-013",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.3 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2023-22637",
      datePublished: "2023-05-03T21:27:03.507Z",
      dateReserved: "2023-01-05T10:06:31.522Z",
      dateUpdated: "2024-10-23T14:27:38.847Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-31488
Vulnerability from cvelistv5
Published
2024-05-14 16:19
Modified
2024-08-02 01:52
Summary
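An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross-site scripting (XSS) attacks via crafted HTTP requests. Note: the structured version ranges on this page end at 9.4.3 and 7.2.2, one release short of this description; the listed fixes (9.4.5, 7.2.4) are consistent with the description's wider range, so check installed versions against the fix versions rather than the table.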
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0    9.4.3
Version: 9.2.0    9.2.8
Version: 9.1.0    9.1.10
Version: 8.8.0    8.8.11
Version: 8.7.0    8.7.6
Version: 7.2.0    7.2.2


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fortinac",
                  vendor: "fortinet",
                  versions: [
                     {
                        lessThanOrEqual: "9.4.3",
                        status: "affected",
                        version: "9.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fortinac",
                  vendor: "fortinet",
                  versions: [
                     {
                        lessThanOrEqual: "9.2.8",
                        status: "affected",
                        version: "9.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fortinac",
                  vendor: "fortinet",
                  versions: [
                     {
                        lessThanOrEqual: "9.1.10",
                        status: "affected",
                        version: "9.1.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fortinac",
                  vendor: "fortinet",
                  versions: [
                     {
                        lessThanOrEqual: "8.8.11",
                        status: "affected",
                        version: "8.8.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fortinac",
                  vendor: "fortinet",
                  versions: [
                     {
                        lessThanOrEqual: "8.7.6",
                        status: "affected",
                        version: "8.7.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fortinac",
                  vendor: "fortinet",
                  versions: [
                     {
                        lessThanOrEqual: "7.2.2",
                        status: "affected",
                        version: "7.2.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-31488",
                        options: [
                           {
                              Exploitation: "None",
                           },
                           {
                              Automatable: "No",
                           },
                           {
                              "Technical Impact": "Total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-17T04:00:23.122383Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:36:26.094Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T01:52:57.296Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-24-040",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-24-040",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.3",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.8",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.10",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.2.2",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-14T16:19:08.151Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-24-040",
               url: "https://fortiguard.com/psirt/FG-IR-24-040",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.5 or above \nPlease upgrade to FortiNAC version 7.4.0 or above \nPlease upgrade to FortiNAC version 7.2.4 or above \n",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2024-31488",
      datePublished: "2024-05-14T16:19:08.151Z",
      dateReserved: "2024-04-04T12:52:41.585Z",
      dateUpdated: "2024-08-02T01:52:57.296Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43951
Vulnerability from cvelistv5
Published
2023-04-11 16:05
Modified
2024-10-23 14:30
Summary
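An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. Note: the structured version ranges on this page extend to 9.2.7 and 9.1.9, one release beyond the 9.2.6 and 9.1.8 given in this description; check installed versions against the listed fix versions rather than either upper bound.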
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0    9.4.1
Version: 9.2.0    9.2.7
Version: 9.1.0    9.1.9
Version: 8.8.0    8.8.11
Version: 8.7.0    8.7.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:47:04.389Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-409",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-409",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-43951",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:15:39.451206Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:30:12.648Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.7",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.9",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "Information disclosure",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-11T16:05:46.705Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-409",
               url: "https://fortiguard.com/psirt/FG-IR-22-409",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-43951",
      datePublished: "2023-04-11T16:05:46.705Z",
      dateReserved: "2022-10-27T07:40:06.589Z",
      dateUpdated: "2024-10-23T14:30:12.648Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-39954
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:45
Summary
An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0    9.4.1
Version: 9.2.0    9.2.7
Version: 9.1.0    9.1.8
Version: 8.8.0    8.8.11
Version: 8.7.0    8.7.6
Version: 8.6.0    8.6.5
Version: 8.5.0    8.5.4
Version: 8.3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:07:42.979Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-304",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-304",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-39954",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:15:46.786394Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:45:55.394Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.7",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.8",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-611",
                     description: "Information disclosure",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-16T18:06:50.083Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-304",
               url: "https://fortiguard.com/psirt/FG-IR-22-304",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 7.2.0 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-39954",
      datePublished: "2023-02-16T18:06:50.083Z",
      dateReserved: "2022-09-05T13:11:35.554Z",
      dateUpdated: "2024-10-23T14:45:55.394Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45859
Vulnerability from cvelistv5
Published
2023-05-03 21:26
Modified
2024-10-22 20:46
Summary
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0    9.4.1
Version: 9.2.0    9.2.6
Version: 9.1.0    9.1.8
Version: 8.8.0    8.8.11
Version: 8.7.0    8.7.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:24:03.182Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-456",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-456",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-45859",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-22T20:18:08.454234Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-22T20:46:40.435Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.6",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.8",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 3.9,
                  baseSeverity: "LOW",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:R",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-522",
                     description: "Improper access control",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T21:26:47.577Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-456",
               url: "https://fortiguard.com/psirt/FG-IR-22-456",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above\nAfter the upgrade, the CLI account password should be changed.\r\nTo know which accounts require a new password, the following command can be run:\ngrep \":\\$1\" /etc/shadow\nThen, login to the CLI with that user and type \"passwd\" to change the password and update the hash.",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-45859",
      datePublished: "2023-05-03T21:26:47.577Z",
      dateReserved: "2022-11-23T14:57:05.612Z",
      dateUpdated: "2024-10-22T20:46:40.435Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-22638
Vulnerability from cvelistv5
Published
2023-02-16 18:07
Modified
2024-10-23 14:32
Summary
Several improper neutralization of input during web page generation vulnerabilities [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0    9.4.1
Version: 9.2.0    9.2.7
Version: 9.1.0    9.1.8
Version: 8.8.0    8.8.11
Version: 8.7.0    8.7.6
Version: 8.6.0    8.6.5
Version: 8.5.0    8.5.4
Version: 8.3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:13:49.511Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-260",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-260",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-22638",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:11:35.344234Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:32:18.357Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.7",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.8",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC  9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-16T18:07:06.780Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-260",
               url: "https://fortiguard.com/psirt/FG-IR-22-260",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.0 or above,\r\nPlease upgrade to FortiNAC version 9.4.2 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2023-22638",
      datePublished: "2023-02-16T18:07:06.780Z",
      dateReserved: "2023-01-05T10:06:31.522Z",
      dateUpdated: "2024-10-23T14:32:18.357Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-38375
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:46
Summary
An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0    9.4.1
Version: 9.2.0    9.2.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:54:03.270Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-329",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-329",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-38375",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:15:48.274436Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:46:49.340Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.6",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-285",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-16T18:06:21.944Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-329",
               url: "https://fortiguard.com/psirt/FG-IR-22-329",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-38375",
      datePublished: "2023-02-16T18:06:21.944Z",
      dateReserved: "2022-08-16T14:17:48.479Z",
      dateUpdated: "2024-10-23T14:46:49.340Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-39953
Vulnerability from cvelistv5
Published
2023-03-07 16:04
Modified
2024-10-23 14:31
Summary
An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0    9.4.1
Version: 9.2.0    9.2.6
Version: 9.1.0    9.1.8
Version: 8.8.0    8.8.11
Version: 8.7.0    8.7.6
Version: 8.6.0    8.6.5
Version: 8.5.0    8.5.4
Version: 8.3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:07:42.941Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-309",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-309",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-39953",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:11:30.278524Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:31:37.161Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.6",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.8",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-269",
                     description: "Escalation of privilege",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-03-07T16:04:40.876Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-309",
               url: "https://fortiguard.com/psirt/FG-IR-22-309",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.2 or above Please upgrade to FortiNAC version 9.2.7 or above Please upgrade to FortiNAC version 9.1.9 or above Please upgrade to FortiNAC version 7.2.0 or above ",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-39953",
      datePublished: "2023-03-07T16:04:40.876Z",
      dateReserved: "2022-09-05T13:11:35.553Z",
      dateUpdated: "2024-10-23T14:31:37.161Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45860
Vulnerability from cvelistv5
Published
2023-05-03 21:26
Modified
2024-10-23 14:27
Summary
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in the device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0    9.4.2
Version: 9.2.0    9.2.6
Version: 9.1.0    9.1.9
Version: 8.8.0    8.8.11
Version: 8.7.0    8.7.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:24:03.201Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-464",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-464",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-45860",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:15:37.857189Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:27:55.045Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.2",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.6",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.9",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:R",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1390",
                     description: "Improper access control",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T21:26:57.148Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-464",
               url: "https://fortiguard.com/psirt/FG-IR-22-464",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.3 or above\r\nPlease upgrade to FortiNAC-F version 7.2.1 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-45860",
      datePublished: "2023-05-03T21:26:57.148Z",
      dateReserved: "2022-11-23T14:57:05.613Z",
      dateUpdated: "2024-10-23T14:27:55.045Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-41021
Vulnerability from cvelistv5
Published
2021-12-08 17:48
Modified
2024-10-25 13:39
Summary
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
References
https://fortiguard.com/advisory/FG-IR-21-182 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
Fortinet Fortinet FortiNAC Version: FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T02:59:31.063Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/advisory/FG-IR-21-182",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-41021",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:13:08.920154Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-25T13:39:11.891Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Fortinet FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  remediationLevel: "NOT_DEFINED",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 7.8,
                  temporalSeverity: "HIGH",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Escalation of privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-08T17:48:06",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://fortiguard.com/advisory/FG-IR-21-182",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@fortinet.com",
               ID: "CVE-2021-41021",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Fortinet FortiNAC",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Fortinet",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  availabilityImpact: "High",
                  baseScore: 7.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  userInteraction: "None",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Escalation of privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://fortiguard.com/advisory/FG-IR-21-182",
                     refsource: "CONFIRM",
                     url: "https://fortiguard.com/advisory/FG-IR-21-182",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2021-41021",
      datePublished: "2021-12-08T17:48:06",
      dateReserved: "2021-09-13T00:00:00",
      dateUpdated: "2024-10-25T13:39:11.891Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-40678
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:46
Summary
An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0
Version: 9.2.0 through 9.2.5
Version: 9.1.0 through 9.1.7
Version: 8.8.0 through 8.8.11
Version: 8.7.0 through 8.7.6
Version: 8.6.0 through 8.6.5
Version: 8.5.0 through 8.5.4
Version: 8.3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:21:46.598Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-265",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-265",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-40678",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:11:39.590106Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:46:07.411Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "9.4.0",
                  },
                  {
                     lessThanOrEqual: "9.2.5",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.7",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-522",
                     description: "Information disclosure",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-16T18:06:47.487Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-265",
               url: "https://fortiguard.com/psirt/FG-IR-22-265",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.1 or above\r\nPlease upgrade to FortiNAC version 9.2.6 or above\r\nPlease upgrade to FortiNAC version 9.1.8 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-40678",
      datePublished: "2023-02-16T18:06:47.487Z",
      dateReserved: "2022-09-14T13:17:43.617Z",
      dateUpdated: "2024-10-23T14:46:07.411Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-40677
Vulnerability from cvelistv5
Published
2023-02-16 18:06
Modified
2024-10-23 14:32
Summary
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted input parameters.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0
Version: 9.2.0 through 9.2.5
Version: 9.1.0 through 9.1.7
Version: 8.8.0 through 8.8.11
Version: 8.7.0 through 8.7.6
Version: 8.6.0 through 8.6.5
Version: 8.5.0 through 8.5.4
Version: 8.3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:21:46.434Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-280",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-280",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-40677",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T14:11:38.204687Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T14:32:34.591Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "9.4.0",
                  },
                  {
                     lessThanOrEqual: "9.2.5",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.7",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.6.5",
                     status: "affected",
                     version: "8.6.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.5.4",
                     status: "affected",
                     version: "8.5.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "8.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-88",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-16T18:06:57.630Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-280",
               url: "https://fortiguard.com/psirt/FG-IR-22-280",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.1 or above Please upgrade to FortiNAC version 9.2.6 or above Please upgrade to FortiNAC version 9.1.8 or above Please upgrade to FortiNAC version 7.2.0 or above ",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-40677",
      datePublished: "2023-02-16T18:06:57.630Z",
      dateReserved: "2022-09-14T13:17:43.617Z",
      dateUpdated: "2024-10-23T14:32:34.591Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-12816
Vulnerability from cvelistv5
Published
2020-09-24 13:29
Modified
2024-10-25 14:00
Severity ?
Summary
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.
References
https://fortiguard.com/advisory/FG-IR-20-002 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
Fortinet Fortinet FortiNAC Version: FortiNAC before 8.7.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:04:22.874Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/advisory/FG-IR-20-002",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-12816",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T13:59:09.742141Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-25T14:00:57.750Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Fortinet FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "FortiNAC before 8.7.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-24T13:29:01",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://fortiguard.com/advisory/FG-IR-20-002",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@fortinet.com",
               ID: "CVE-2020-12816",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Fortinet FortiNAC",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "FortiNAC before 8.7.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Fortinet",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Execute unauthorized code or commands",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://fortiguard.com/advisory/FG-IR-20-002",
                     refsource: "CONFIRM",
                     url: "https://fortiguard.com/advisory/FG-IR-20-002",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2020-12816",
      datePublished: "2020-09-24T13:29:01",
      dateReserved: "2020-05-12T00:00:00",
      dateUpdated: "2024-10-25T14:00:57.750Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5594
Vulnerability from cvelistv5
Published
2019-08-23 20:10
Modified
2024-10-25 14:05
Severity ?
Summary
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
References
https://fortiguard.com/advisory/FG-IR-19-140 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a Fortinet FortiNAC Version: FortiNAC 8.3.0 to 8.3.6 and 8.5.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:01:50.783Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/advisory/FG-IR-19-140",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-5594",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T13:59:48.118067Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-25T14:05:42.451Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Fortinet FortiNAC",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "FortiNAC 8.3.0 to 8.3.6 and 8.5.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-23T20:10:54",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://fortiguard.com/advisory/FG-IR-19-140",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@fortinet.com",
               ID: "CVE-2019-5594",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Fortinet FortiNAC",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "FortiNAC 8.3.0 to 8.3.6 and 8.5.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Execute unauthorized code or commands",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://fortiguard.com/advisory/FG-IR-19-140",
                     refsource: "CONFIRM",
                     url: "https://fortiguard.com/advisory/FG-IR-19-140",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2019-5594",
      datePublished: "2019-08-23T20:10:54",
      dateReserved: "2019-01-07T00:00:00",
      dateUpdated: "2024-10-25T14:05:42.451Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43950
Vulnerability from cvelistv5
Published
2023-05-03 21:26
Modified
2024-10-22 20:46
Summary
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
Impacted products
Vendor Product Version
Fortinet FortiNAC Version: 9.4.0 through 9.4.1
Version: 9.2.0 through 9.2.7
Version: 9.1.0 through 9.1.9
Version: 8.8.0 through 8.8.11
Version: 8.7.0 through 8.7.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:47:04.368Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://fortiguard.com/psirt/FG-IR-22-407",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/psirt/FG-IR-22-407",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-43950",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-22T20:18:07.298715Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-22T20:46:32.741Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FortiNAC",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "9.4.1",
                     status: "affected",
                     version: "9.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.2.7",
                     status: "affected",
                     version: "9.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "9.1.9",
                     status: "affected",
                     version: "9.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.8.11",
                     status: "affected",
                     version: "8.8.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.7.6",
                     status: "affected",
                     version: "8.7.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.9,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-601",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T21:26:50.797Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.com/psirt/FG-IR-22-407",
               url: "https://fortiguard.com/psirt/FG-IR-22-407",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC-F version 7.2.1 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2022-43950",
      datePublished: "2023-05-03T21:26:50.797Z",
      dateReserved: "2022-10-27T07:40:06.589Z",
      dateUpdated: "2024-10-22T20:46:32.741Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}