    102 vulnerabilities found for FortiNAC by Fortinet

    CERTFR-2026-AVI-0440

    Vulnerability from certfr_avis - Published: 2026-04-15 - Updated: 2026-04-15

    Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.6.x prior to 7.6.5 with File Content Extraction Connector versions prior to 1.3.1
    Fortinet | FortiNDR | FortiNDR versions 7.x prior to 7.4.9
    Fortinet | FortiNAC | FortiNAC-F versions 7.6.x prior to 7.6.6
    Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x prior to 7.6.5
    Fortinet | FortiManager | FortiManager Cloud versions 7.x prior to 7.4.9
    Fortinet | FortiWeb | FortiWeb versions 7.x prior to 7.6.7
    Fortinet | FortiSwitch | FortiSwitchManager versions 7.0.x prior to 7.0.7
    Fortinet | FortiSOAR | FortiSOAR PaaS versions 7.3.x, 7.4.x and 7.5.x prior to 7.5.3 with File Content Extraction Connector versions prior to 1.3.1
    Fortinet | FortiNDR | FortiNDR versions 7.6.x prior to 7.6.1
    Fortinet | FortiSandbox | FortiSandbox PaaS versions 5.0.x prior to 5.0.6
    Fortinet | FortiManager | FortiManager Cloud versions 7.6.x prior to 7.6.5
    Fortinet | FortiSandbox | FortiSandbox versions 5.0.x prior to 5.0.6
    Fortinet | FortiOS | FortiOS versions prior to 7.4.10
    Fortinet | FortiDDoS | FortiDDoS-F versions 7.2.x prior to 7.2.3
    Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.x prior to 7.4.9
    Fortinet | FortiManager | FortiManager versions 7.6.x prior to 7.6.5
    Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.x prior to 7.4.9
    Fortinet | FortiOS | FortiOS versions 7.6.x prior to 7.6.5
    Fortinet | FortiPAM | FortiPAM versions prior to 1.7.1
    Fortinet | FortiWeb | FortiWeb versions 8.0.x prior to 8.0.4
    Fortinet | FortiManager | FortiManager versions 7.x prior to 7.4.9
    Fortinet | FortiProxy | FortiProxy versions 7.x prior to 7.4.12
    Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.3.x, 7.4.x and 7.5.x prior to 7.5.3 with File Content Extraction Connector versions prior to 1.3.1
    Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x prior to 7.2.8
    Fortinet | FortiSandbox | FortiSandbox PaaS versions 4.2.x and 4.4.x prior to 4.4.9
    Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.6.x prior to 7.6.5
    Fortinet | FortiProxy | FortiProxy versions 7.6.x prior to 7.6.5
    Fortinet | FortiClientEMS | FortiClientEMS versions 7.x prior to 7.2.13
    Fortinet | FortiSandbox | FortiSandbox versions 4.2.x and 4.4.x prior to 4.4.9 (this version remains affected by vulnerability CVE-2026-27316)
    Fortinet | FortiVoice | FortiVoice versions 7.0.x prior to 7.0.2
    Fortinet | FortiClientEMS | FortiClientEMS versions 7.4.x prior to 7.4.6
    Fortinet | FortiSOAR | FortiSOAR PaaS versions 7.6.x prior to 7.6.5 with File Content Extraction Connector versions prior to 1.3.1
    References
    Fortinet security bulletin FG-IR-26-111 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-110 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-101 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-120 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-105 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-106 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-102 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-114 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-107 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-109 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-115 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-119 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-103 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-108 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-125 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-121 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-100 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-118 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-124 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-113 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-127 2026-04-15 vendor-advisory
    Fortinet security bulletin FG-IR-26-117 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-122 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-104 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-112 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-126 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-116 2026-04-14 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.5 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC-F versions 7.6.x ant\u00e9rieures \u00e0 7.6.6",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.x ant\u00e9rieures \u00e0 7.6.7",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR PaaS versions 7.3.x, 7.4.x et 7.5.x ant\u00e9rieures \u00e0 7.5.3 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 5.0.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.10",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiDDoS-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
          "product": {
            "name": "FortiDDoS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.7.1",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.4.12",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR on-premise versions 7.3.x, 7.4.x et 7.5.x ant\u00e9rieures \u00e0 7.5.3 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 4.2.x et 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientEMS versions 7.x ant\u00e9rieures \u00e0 7.2.13",
          "product": {
            "name": "FortiClientEMS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 4.2.x et 4.4.x ant\u00e9rieures \u00e0 4.4.9 (cette version reste affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2026-27316)",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiClientEMS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR PaaS versions 7.6.x ant\u00e9rieures \u00e0 7.6.5 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-39809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39809"
        },
        {
          "name": "CVE-2025-61848",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61848"
        },
        {
          "name": "CVE-2026-22155",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22155"
        },
        {
          "name": "CVE-2026-39812",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39812"
        },
        {
          "name": "CVE-2026-21741",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21741"
        },
        {
          "name": "CVE-2026-27316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27316"
        },
        {
          "name": "CVE-2025-61624",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61624"
        },
        {
          "name": "CVE-2026-39808",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39808"
        },
        {
          "name": "CVE-2026-22574",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22574"
        },
        {
          "name": "CVE-2025-61886",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61886"
        },
        {
          "name": "CVE-2024-23104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23104"
        },
        {
          "name": "CVE-2026-39811",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39811"
        },
        {
          "name": "CVE-2026-39814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39814"
        },
        {
          "name": "CVE-2026-39810",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39810"
        },
        {
          "name": "CVE-2026-25691",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25691"
        },
        {
          "name": "CVE-2026-22576",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22576"
        },
        {
          "name": "CVE-2026-22573",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22573"
        },
        {
          "name": "CVE-2026-39815",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39815"
        },
        {
          "name": "CVE-2026-21742",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21742"
        },
        {
          "name": "CVE-2026-22828",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22828"
        },
        {
          "name": "CVE-2026-22154",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22154"
        },
        {
          "name": "CVE-2026-23708",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23708"
        },
        {
          "name": "CVE-2025-53847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53847"
        },
        {
          "name": "CVE-2026-39813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39813"
        },
        {
          "name": "CVE-2025-68649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68649"
        },
        {
          "name": "CVE-2025-59809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59809"
        },
        {
          "name": "CVE-2026-40688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40688"
        }
      ],
      "initial_release_date": "2026-04-15T00:00:00",
      "last_revision_date": "2026-04-15T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0440",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-04-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-111",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-111"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-110",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-110"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-101",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-101"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-120",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-120"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-105",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-105"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-106",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-106"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-102",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-102"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-114",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-114"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-107",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-107"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-109",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-109"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-115",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-115"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-119",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-119"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-103",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-103"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-108",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-108"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-125",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-125"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-121",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-121"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-100",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-100"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-118",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-118"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-124",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-124"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-113",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-113"
        },
        {
          "published_at": "2026-04-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-127",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-127"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-117",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-117"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-122",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-122"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-104",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-104"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-112",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-112"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-126",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-126"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-116",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-116"
        }
      ]
    }

    CERTFR-2024-AVI-0404

    Vulnerability from certfr_avis - Published: 2024-05-15 - Updated: 2024-05-15

    Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a breach of data confidentiality.

    Solution

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Fortinet | FortiProxy | FortiProxy 7.0.x versions prior to 7.0.14
    Fortinet | FortiProxy | FortiProxy 7.4.x versions prior to 7.4.2
    Fortinet | N/A | FortiWebManager 6.0.x all versions
    Fortinet | FortiWeb | FortiWeb 7.0.x all versions for vulnerability CVE-2024-23665
    Fortinet | FortiNAC | FortiNAC 8.7.x all versions
    Fortinet | FortiNAC | FortiNAC 8.8.x all versions
    Fortinet | FortiWeb | FortiWeb 7.2.x versions prior to 7.2.8
    Fortinet | FortiSOAR | FortiSOAR 7.0.x all versions
    Fortinet | N/A | FortiAuthenticator 6.6.x versions prior to 6.6.1
    Fortinet | FortiSOAR | FortiSOAR cyops Connector versions prior to 2.1.0
    Fortinet | FortiNAC | FortiNAC 9.4.x versions prior to 9.4.5
    Fortinet | FortiProxy | FortiProxy 7.2.x versions prior to 7.2.8
    Fortinet | FortiOS | FortiOS 6.4.x all versions
    Fortinet | FortiADC | FortiADC 6.2.x all versions
    Fortinet | FortiOS | FortiOS 6.0.x all versions
    Fortinet | FortiADC | FortiADC 7.4.x versions prior to 7.4.2
    Fortinet | FortiSwitchManager | FortiSwitchManager 7.0.x versions prior to 7.0.3
    Fortinet | FortiADC | FortiADC 7.0.x all versions
    Fortinet | FortiNAC | FortiNAC 9.2.x all versions
    Fortinet | FortiOS | FortiOS 6.2.x all versions
    Fortinet | N/A | FortiAuthenticator 6.4.x all versions
    Fortinet | FortiOS | FortiOS 7.0.x versions prior to 7.0.13
    Fortinet | FortiPortal | FortiPortal 7.0.x versions prior to 7.0.7
    Fortinet | FortiADC | FortiADC 7.1.x all versions
    Fortinet | FortiWeb | FortiWeb 6.3.x all versions
    Fortinet | FortiSOAR | FortiSOAR 7.3.x versions prior to 7.3.1
    Fortinet | FortiPAM | FortiPAM 1.1.x versions prior to 1.1.1
    Fortinet | FortiSOAR | FortiSOAR 7.2.x all versions
    Fortinet | FortiProxy | FortiProxy 1.1.x all versions
    Fortinet | FortiSandbox | FortiSandbox 4.4.x versions prior to 4.4.5
    Fortinet | N/A | FortiVoice 7.0.x versions prior to 7.0.2
    Fortinet | FortiProxy | FortiProxy 1.2.x all versions
    Fortinet | N/A | FortiWebManager 7.0.x versions prior to 7.0.5
    Fortinet | N/A | FortiWebManager 6.3.x versions prior to 6.3.1
    Fortinet | FortiProxy | FortiProxy 2.0.x all versions
    Fortinet | FortiWeb | FortiWeb 7.0.x versions prior to 7.0.9
    Fortinet | FortiWeb | FortiWeb 7.4.x versions prior to 7.4.3
    Fortinet | N/A | FortiWebManager 6.2.x versions prior to 6.2.5
    Fortinet | N/A | FortiVoice 6.0.x all versions
    Fortinet | N/A | FortiWebManager 7.2.x versions prior to 7.2.1
    Fortinet | FortiWeb | FortiWeb 6.4.x all versions
    Fortinet | FortiOS | FortiOS 7.0 all versions for vulnerabilities CVE-2023-36640 and CVE-2023-45583
    Fortinet | FortiPAM | FortiPAM 1.0.x all versions
    Fortinet | FortiOS | FortiOS 7.2.x versions prior to 7.2.8
    Fortinet | FortiSandbox | FortiSandbox 4.2.x versions prior to 4.2.7
    Fortinet | FortiPortal | FortiPortal 7.2.x versions prior to 7.2.2
    Fortinet | FortiNAC | FortiNAC 9.1.x all versions
    Fortinet | FortiPortal | FortiPortal 6.0.x versions prior to 6.0.15
    Fortinet | N/A | FortiVoice 6.4.x versions prior to 6.4.9
    Fortinet | N/A | FortiAuthenticator 6.5.x versions prior to 6.5.4
    Fortinet | FortiADC | FortiADC 7.2.x versions prior to 7.2.4
    Fortinet | FortiOS | FortiOS 7.4.x versions prior to 7.4.2
    Fortinet | FortiSwitchManager | FortiSwitchManager 7.2.x versions prior to 7.2.3
    Fortinet | FortiNAC | FortiNAC 7.2.x versions prior to 7.2.4
    Fortinet | FortiProxy | FortiProxy 1.0.x all versions

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiProxy 7.0.x versions ant\u00e9rieures \u00e0 7.0.14",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWebManager 6.0.x toutes versions",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb 7.0.x toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-23665",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC 8.7.x toutes versions",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC 8.8.x toutes versions",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR 7.0.x toutes versions",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator 6.6.x versions ant\u00e9rieures \u00e0 6.6.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR cyops Connector versions ant\u00e9rieures \u00e0 2.1.0",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC 9.4.x versions ant\u00e9rieures \u00e0 9.4.5",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 6.4.x toutes versions",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC 6.2.x toutes versions",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 6.0.x toutes versions",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager 7.0.x versions ant\u00e9rieures \u00e0 7.0.3",
          "product": {
            "name": "FortiSwitchManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC 7.0.x toutes versions",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC 9.2.x toutes versions",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 6.2.x toutes versions",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator 6.4.x toutes versions",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 7.0.x versions ant\u00e9rieures \u00e0 7.0.13",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal 7.0.x versions ant\u00e9rieures \u00e0 7.0.7",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC 7.1.x toutes versions",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb 6.3.x toutes versions",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR 7.3.x versions ant\u00e9rieures \u00e0 7.3.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM 1.1.x versions ant\u00e9rieures \u00e0 1.1.1",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR 7.2.x toutes versions",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 1.1.x toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 4.4.x versions ant\u00e9rieures \u00e0 4.4.5",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice 7.0.x versions ant\u00e9rieures \u00e0 7.0.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 1.2.x toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWebManager 7.0.x versions ant\u00e9rieures \u00e0 7.0.5",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWebManager 6.3.x versions ant\u00e9rieures \u00e0 6.3.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 2.0.x toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb 7.0.x versions ant\u00e9rieures \u00e0 7.0.9",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb 7.4.x versions ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWebManager 6.2.x versions ant\u00e9rieures \u00e0 6.2.5",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice 6.0.x toutes versions",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWebManager 7.2.x versions ant\u00e9rieures \u00e0 7.2.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb 6.4.x toutes versions",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 7.0 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2023-36640 et CVE-2023-45583",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM 1.0.x toutes versions",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 4.2.x versions ant\u00e9rieures \u00e0 4.2.7",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal 7.2.x versions ant\u00e9rieures \u00e0 7.2.2",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC 9.1.x toutes versions",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal 6.0.x versions ant\u00e9rieures \u00e0 6.0.15",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice 6.4.x versions ant\u00e9rieures \u00e0 6.4.9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator 6.5.x versions ant\u00e9rieures \u00e0 6.5.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager 7.2.x versions ant\u00e9rieures \u00e0 7.2.3",
          "product": {
            "name": "FortiSwitchManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 1.0.x toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2024-26007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26007"
        },
        {
          "name": "CVE-2024-27316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27316"
        },
        {
          "name": "CVE-2023-40720",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40720"
        },
        {
          "name": "CVE-2023-45288",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
        },
        {
          "name": "CVE-2023-48789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48789"
        },
        {
          "name": "CVE-2024-21760",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21760"
        },
        {
          "name": "CVE-2023-44247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44247"
        },
        {
          "name": "CVE-2024-31493",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31493"
        },
        {
          "name": "CVE-2024-23664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23664"
        },
        {
          "name": "CVE-2023-50180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-50180"
        },
        {
          "name": "CVE-2024-23670",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23670"
        },
        {
          "name": "CVE-2024-3302",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-3302"
        },
        {
          "name": "CVE-2024-27983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
        },
        {
          "name": "CVE-2023-45583",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45583"
        },
        {
          "name": "CVE-2024-31488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31488"
        },
        {
          "name": "CVE-2023-46714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46714"
        },
        {
          "name": "CVE-2024-23667",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23667"
        },
        {
          "name": "CVE-2024-23107",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23107"
        },
        {
          "name": "CVE-2024-23105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23105"
        },
        {
          "name": "CVE-2024-24549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
        },
        {
          "name": "CVE-2023-45586",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45586"
        },
        {
          "name": "CVE-2024-23668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23668"
        },
        {
          "name": "CVE-2023-36640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-36640"
        },
        {
          "name": "CVE-2024-31491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31491"
        },
        {
          "name": "CVE-2024-23665",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23665"
        },
        {
          "name": "CVE-2024-30255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30255"
        },
        {
          "name": "CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "name": "CVE-2024-23669",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23669"
        }
      ],
      "initial_release_date": "2024-05-15T00:00:00",
      "last_revision_date": "2024-05-15T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0404",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-05-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-225 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-225"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-040 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-040"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-282 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-282"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-406 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-406"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-137 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-137"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-222 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-222"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-052 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-052"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-474 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-474"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-195 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-195"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-433 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-433"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-021 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-021"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-420 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-420"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-054 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-054"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-465 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-465"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-415 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-415"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-191 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-191"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-017 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-017"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-120 du 14 mai 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-120"
        }
      ]
    }

    CERTFR-2024-AVI-0287

    Vulnerability from certfr_avis - Published: 2024-04-10 - Updated: 2024-04-10

    Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to cause arbitrary code execution, a data integrity breach, and a data confidentiality breach.

    Solution

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Fortinet N/A FortiClientMac 7.0 versions prior to 7.0.11
    Fortinet N/A FortiClientLinux 7.0 versions prior to 7.0.11
    Fortinet FortiSandbox FortiSandbox 2.1 all versions
    Fortinet FortiManager FortiManager 7.2 versions prior to 7.2.5
    Fortinet FortiSandbox FortiSandbox 3.1 all versions
    Fortinet FortiManager FortiManager 7.0 versions prior to 7.0.11
    Fortinet FortiProxy FortiProxy 7.2 versions prior to 7.2.8
    Fortinet FortiSandbox FortiSandbox 2.2 all versions
    Fortinet FortiOS FortiOS 7.2 versions prior to 7.2.8
    Fortinet FortiProxy FortiProxy 7.4 versions prior to 7.4.2
    Fortinet FortiSandbox FortiSandbox 2.4 all versions
    Fortinet FortiOS FortiOS 6.4 all versions
    Fortinet FortiProxy FortiProxy 1.1 all versions
    Fortinet FortiSandbox FortiSandbox 3.2 all versions
    Fortinet N/A FortiClientLinux 7.2 versions prior to 7.2.1
    Fortinet FortiOS FortiOS 7.4 versions prior to 7.4.2
    Fortinet FortiSandbox FortiSandbox 2.3 all versions
    Fortinet FortiProxy FortiProxy 1.2 all versions
    Fortinet FortiSandbox FortiSandbox 4.4 versions prior to 4.4.5
    Fortinet FortiProxy FortiProxy 2.0 all versions
    Fortinet N/A FortiClientMac 7.2 versions prior to 7.2.4
    Fortinet FortiOS FortiOS 6.2 versions prior to 6.2.16
    Fortinet FortiSandbox FortiSandbox 2.5 all versions
    Fortinet FortiSandbox FortiSandbox 4.0 all versions
    Fortinet FortiSandbox FortiSandbox 2.0 all versions
    Fortinet FortiProxy FortiProxy 1.0 all versions
    Fortinet FortiSandbox FortiSandbox 4.2 versions prior to 4.2.7
    Fortinet FortiProxy FortiProxy 7.0 versions prior to 7.0.14
    Fortinet FortiOS FortiOS 6.0 all versions
    Fortinet FortiManager FortiManager 7.4 versions prior to 7.4.2
    Fortinet FortiNAC FortiNAC-F 7.2 versions prior to 7.2.5
    Fortinet FortiSandbox FortiSandbox 3.0 all versions
    Fortinet FortiOS FortiOS 7.0 all versions

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiClientMac 7.0 versions ant\u00e9rieures \u00e0 7.0.11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientLinux 7.0 versions ant\u00e9rieures \u00e0 7.0.11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 2.1 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager 7.2 versions ant\u00e9rieures \u00e0 7.2.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 3.1 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager 7.0 versions ant\u00e9rieures \u00e0 7.0.11",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 7.2 versions ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 2.2 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 7.2 versions ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 7.4 versions ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 2.4 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 6.4 toutes versions",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 1.1 toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 3.2 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientLinux 7.2 versions ant\u00e9rieures \u00e0 7.2.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 7.4 versions ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 2.3 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 1.2 toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 4.4 versions ant\u00e9rieures \u00e0 4.4.5",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 2.0 toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientMac 7.2 versions ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 6.2 versions ant\u00e9rieures \u00e0 6.2.16",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 2.5 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 4.0 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 2.0 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 1.0 toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 4.2 versions ant\u00e9rieures \u00e0 4.2.7",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 7.0 versions ant\u00e9rieures \u00e0 7.0.14",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 6.0 toutes versions",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager 7.4 versions ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC-F 7.2 versions ant\u00e9rieures \u00e0 7.2.5",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox 3.0 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 7.0 toutes versions",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2024-21756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21756"
        },
        {
          "name": "CVE-2023-47540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47540"
        },
        {
          "name": "CVE-2023-45590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45590"
        },
        {
          "name": "CVE-2023-48785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48785"
        },
        {
          "name": "CVE-2023-48784",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48784"
        },
        {
          "name": "CVE-2023-47542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47542"
        },
        {
          "name": "CVE-2024-31492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31492"
        },
        {
          "name": "CVE-2024-23671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23671"
        },
        {
          "name": "CVE-2023-47541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47541"
        },
        {
          "name": "CVE-2024-26014",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26014"
        },
        {
          "name": "CVE-2024-23662",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23662"
        },
        {
          "name": "CVE-2024-31487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31487"
        },
        {
          "name": "CVE-2023-45588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45588"
        },
        {
          "name": "CVE-2023-41677",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-41677"
        },
        {
          "name": "CVE-2024-21755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21755"
        }
      ],
      "initial_release_date": "2024-04-10T00:00:00",
      "last_revision_date": "2024-04-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0287",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-04-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire,\u00a0une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-060 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-060"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-009 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-009"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-419 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-419"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-454 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-454"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-224 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-224"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-345 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-345"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-416 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-416"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-411 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-411"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-288 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-288"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-413 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-413"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-087 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-087"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-489 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-489"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-493 du 09 avril 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-493"
        }
      ]
    }

    CERTFR-2024-AVI-0108

    Vulnerability from certfr_avis - Published: 2024-02-09 - Updated: 2024-04-10

    Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.

    Solution

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Fortinet FortiOS FortiOS versions 7.4.x earlier than 7.4.3
    Fortinet FortiProxy FortiProxy versions 7.4.x earlier than 7.4.3
    Fortinet FortiManager FortiManager versions 7.4.x earlier than 7.4.2
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x earlier than 7.2.4
    Fortinet FortiNAC FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 and 9.2 all versions
    Fortinet FortiProxy FortiProxy 1.1 all versions
    Fortinet FortiNAC FortiNAC versions 7.2.x earlier than 7.2.3
    Fortinet FortiOS FortiOS versions 7.0.x earlier than 7.0.14 (This version remains affected by vulnerability CVE-2023-47537)
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x earlier than 7.4.2
    Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.2.x earlier than 7.2.6
    Fortinet FortiPAM FortiPAM 1.0 all versions
    Fortinet FortiProxy FortiProxy 1.2 all versions
    Fortinet FortiOS FortiOS versions 6.2.x earlier than 6.2.16
    Fortinet FortiManager FortiManager versions 7.2.x earlier than 7.2.4
    Fortinet FortiOS FortiOS versions 7.2.x earlier than 7.2.7
    Fortinet FortiPAM FortiPAM 1.2 all versions
    Fortinet FortiProxy FortiProxy 1.0 all versions
    Fortinet FortiClientEMS FortiClientEMS versions 7.0.x earlier than 7.0.11
    Fortinet FortiClientEMS FortiClientEMS versions 7.2.x earlier than 7.2.3
    Fortinet FortiOS FortiOS 6.0 all versions
    Fortinet FortiWeb FortiWeb versions 7.4.x earlier than 7.4.3
    Fortinet FortiClientEMS FortiClientEMS 6.2 and 6.4 all versions
    Fortinet FortiNAC FortiNAC versions 9.4.x earlier than 9.4.4
    Fortinet FortiProxy FortiProxy 7.0 all versions
    Fortinet FortiPAM FortiPAM 1.1 all versions
    Fortinet FortiManager FortiManager 6.2, 6.4 and 7.0 all versions
    Fortinet FortiProxy FortiProxy versions 7.2.x earlier than 7.2.9
    Fortinet FortiAnalyzer FortiAnalyzer-BigData 6.2, 6.4 and 7.0 all versions
    Fortinet FortiProxy FortiProxy versions 2.0.x earlier than 2.0.14
    Fortinet FortiOS FortiOS versions 6.4.x earlier than 6.4.15
    Fortinet FortiAnalyzer FortiAnalyzer 6.2, 6.4 and 7.0 all versions


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 et 9.2 toutes versions",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 1.1 toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.14 (Cette version reste affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2023-47537)",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM 1.0 toutes versions",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 1.2 toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM 1.2 toutes versions",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 1.0 toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
          "product": {
            "name": "FortiClientEMS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
          "product": {
            "name": "FortiClientEMS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS 6.0 toutes versions",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientEMS 6.2 et 6.4 toutes versions",
          "product": {
            "name": "FortiClientEMS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.4",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy 7.0 toutes versions",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM 1.1 toutes versions",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager 6.2, 6.4 et 7.0 toutes versions",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer-BigData 6.2, 6.4 et 7.0 toutes versions",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.14",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer 6.2, 6.4 et 7.0 toutes versions",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "name": "CVE-2023-45581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45581"
        },
        {
          "name": "CVE-2023-47537",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
        },
        {
          "name": "CVE-2024-21762",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
        },
        {
          "name": "CVE-2023-26206",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26206"
        },
        {
          "name": "CVE-2023-44253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44253"
        },
        {
          "name": "CVE-2024-23113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
        }
      ],
      "initial_release_date": "2024-02-09T00:00:00",
      "last_revision_date": "2024-04-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0108",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-02-09T00:00:00.000000"
        },
        {
          "description": "Ajout des syst\u00e8mes affect\u00e9s",
          "revision_date": "2024-02-15T00:00:00.000000"
        },
        {
          "description": "Ajout des syst\u00e8mes affect\u00e9s",
          "revision_date": "2024-04-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-268 du 08 f\u00e9vrier 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-268"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-301 du 08 f\u00e9vrier 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-301"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-063 du 08 f\u00e9vrier 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-063"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-357 du 08 f\u00e9vrier 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-357"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-397 du 08 f\u00e9vrier 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-397"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-029 du 08 f\u00e9vrier 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-029"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-015 du 08 f\u00e9vrier 2024",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-015"
        }
      ]
    }

    CVE-2023-33300 (GCVE-0-2023-33300)

    Vulnerability from nvd – Published: 2025-03-14 15:46 – Updated: 2025-03-14 17:24
    VLAI
    Summary
    An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows an attacker limited, unauthorized file access via a specifically crafted request to the inter-server communication port.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiNAC Affected: 9.4.0 , ≤ 9.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-14T17:20:10.717955Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T17:24:11.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiNAC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.3",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server  communication port."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-14T15:46:48.352Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-096",
              "url": "https://fortiguard.com/psirt/FG-IR-23-096"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.2 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-33300",
        "datePublished": "2025-03-14T15:46:48.352Z",
        "dateReserved": "2023-05-22T07:58:22.196Z",
        "dateUpdated": "2025-03-14T17:24:11.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31488 (GCVE-0-2024-31488)

    Vulnerability from nvd – Published: 2024-05-14 16:19 – Updated: 2025-12-16 18:13
    VLAI
    Summary
    An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC versions 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross-site scripting (XSS) attacks via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiNAC Affected: 9.4.0 , ≤ 9.4.3 (semver)
    Affected: 9.2.0 , ≤ 9.2.8 (semver)
    Affected: 9.1.0 , ≤ 9.1.10 (semver)
    Affected: 8.8.0 , ≤ 8.8.11 (semver)
    Affected: 8.7.0 , ≤ 8.7.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.2 (semver)
    fortinet fortinac Affected: 9.4.0 , ≤ 9.4.3 (custom)
        cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 9.2.0 , ≤ 9.2.8 (custom)
        cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 9.1.0 , ≤ 9.1..10 (custom)
        cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 8.8.0 , ≤ 8.8.11 (custom)
        cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 8.7.0 , ≤ 8.7.6 (custom)
        cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 7.2.0 , ≤ 7.2.2 (custom)
        cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "9.4.3",
                    "status": "affected",
                    "version": "9.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.8",
                    "status": "affected",
                    "version": "9.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "9.1..10",
                    "status": "affected",
                    "version": "9.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "8.8.11",
                    "status": "affected",
                    "version": "8.8.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "8.7.6",
                    "status": "affected",
                    "version": "8.7.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.2",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31488",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-17T04:00:23.122383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T18:13:18.228Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:52:57.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-24-040",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-24-040"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiNAC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.3",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.8",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.10",
                  "status": "affected",
                  "version": "9.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.11",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.6",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T16:19:08.151Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-24-040",
              "url": "https://fortiguard.com/psirt/FG-IR-24-040"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiNAC version 9.4.5 or above \nPlease upgrade to FortiNAC version 7.4.0 or above \nPlease upgrade to FortiNAC version 7.2.4 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-31488",
        "datePublished": "2024-05-14T16:19:08.151Z",
        "dateReserved": "2024-04-04T12:52:41.585Z",
        "dateUpdated": "2025-12-16T18:13:18.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-26206 (GCVE-0-2023-26206)

    Vulnerability from nvd – Published: 2024-02-15 13:59 – Updated: 2024-08-02 11:39
    Summary
    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiNAC Affected: 9.4.0 , ≤ 9.4.2 (semver)
    Affected: 9.2.0 , ≤ 9.2.8 (semver)
    Affected: 9.1.0 , ≤ 9.1.10 (semver)
    Affected: 7.2.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26206",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T19:50:54.521966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:25:53.649Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:39:06.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-063",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-063"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiNAC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.2",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.8",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.10",
                  "status": "affected",
                  "version": "9.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-15T13:59:23.207Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-063",
              "url": "https://fortiguard.com/psirt/FG-IR-23-063"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.3 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-26206",
        "datePublished": "2024-02-15T13:59:23.207Z",
        "dateReserved": "2023-02-20T15:09:20.635Z",
        "dateUpdated": "2024-08-02T11:39:06.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33299 (GCVE-0-2023-33299)

    Vulnerability from nvd – Published: 2023-06-23 07:46 – Updated: 2024-10-23 14:25
    Summary
    A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiNAC Affected: 9.4.0 , ≤ 9.4.2 (semver)
    Affected: 9.2.0 , ≤ 9.2.7 (semver)
    Affected: 9.1.0 , ≤ 9.1.9 (semver)
    Affected: 8.8.0 , ≤ 8.8.11 (semver)
    Affected: 8.7.0 , ≤ 8.7.6 (semver)
    Affected: 8.6.0 , ≤ 8.6.5 (semver)
    Affected: 8.5.0 , ≤ 8.5.4 (semver)
    Affected: 8.3.7
    Affected: 7.2.0 , ≤ 7.2.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:36.130Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-074",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-074"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:19:07.431174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:25:53.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiNAC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.2",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.7",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.9",
                  "status": "affected",
                  "version": "9.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.11",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.6",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.5",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.4",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "8.3.7"
                },
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-23T07:46:37.499Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-074",
              "url": "https://fortiguard.com/psirt/FG-IR-23-074"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiNAC version 9.4.3 or above Please upgrade to FortiNAC version 9.2.8 or above Please upgrade to FortiNAC version 9.1.10 or above Please upgrade to FortiNAC version 7.2.2 or above "
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-33299",
        "datePublished": "2023-06-23T07:46:37.499Z",
        "dateReserved": "2023-05-22T07:58:22.196Z",
        "dateUpdated": "2024-10-23T14:25:53.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33300 (GCVE-0-2023-33300)

    Vulnerability from cvelistv5 – Published: 2025-03-14 15:46 – Updated: 2025-03-14 17:24
    Summary
    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper access control
    Impacted products
    Vendor Product Version
    Fortinet FortiNAC Affected: 9.4.0 , ≤ 9.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-14T17:20:10.717955Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T17:24:11.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiNAC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.3",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server  communication port."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-14T15:46:48.352Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-096",
              "url": "https://fortiguard.com/psirt/FG-IR-23-096"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.2 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-33300",
        "datePublished": "2025-03-14T15:46:48.352Z",
        "dateReserved": "2023-05-22T07:58:22.196Z",
        "dateUpdated": "2025-03-14T17:24:11.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31488 (GCVE-0-2024-31488)

    Vulnerability from cvelistv5 – Published: 2024-05-14 16:19 – Updated: 2025-12-16 18:13
    Summary
    An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiNAC Affected: 9.4.0 , ≤ 9.4.3 (semver)
    Affected: 9.2.0 , ≤ 9.2.8 (semver)
    Affected: 9.1.0 , ≤ 9.1.10 (semver)
    Affected: 8.8.0 , ≤ 8.8.11 (semver)
    Affected: 8.7.0 , ≤ 8.7.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.2 (semver)
    fortinet fortinac Affected: 9.4.0 , ≤ 9.4.3 (custom)
        cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 9.2.0 , ≤ 9.2.8 (custom)
        cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 9.1.0 , ≤ 9.1..10 (custom)
        cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 8.8.0 , ≤ 8.8.11 (custom)
        cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 8.7.0 , ≤ 8.7.6 (custom)
        cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*
    fortinet fortinac Affected: 7.2.0 , ≤ 7.2.2 (custom)
        cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "9.4.3",
                    "status": "affected",
                    "version": "9.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.8",
                    "status": "affected",
                    "version": "9.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "9.1..10",
                    "status": "affected",
                    "version": "9.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "8.8.11",
                    "status": "affected",
                    "version": "8.8.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "8.7.6",
                    "status": "affected",
                    "version": "8.7.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortinac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.2",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31488",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-17T04:00:23.122383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T18:13:18.228Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:52:57.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-24-040",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-24-040"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiNAC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.3",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.8",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.10",
                  "status": "affected",
                  "version": "9.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.11",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.6",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T16:19:08.151Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-24-040",
              "url": "https://fortiguard.com/psirt/FG-IR-24-040"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiNAC version 9.4.5 or above \nPlease upgrade to FortiNAC version 7.4.0 or above \nPlease upgrade to FortiNAC version 7.2.4 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-31488",
        "datePublished": "2024-05-14T16:19:08.151Z",
        "dateReserved": "2024-04-04T12:52:41.585Z",
        "dateUpdated": "2025-12-16T18:13:18.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-26206 (GCVE-0-2023-26206)

    Vulnerability from cvelistv5 – Published: 2024-02-15 13:59 – Updated: 2024-08-02 11:39
    Summary
    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiNAC Affected: 9.4.0 , ≤ 9.4.2 (semver)
    Affected: 9.2.0 , ≤ 9.2.8 (semver)
    Affected: 9.1.0 , ≤ 9.1.10 (semver)
    Affected: 7.2.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26206",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T19:50:54.521966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:25:53.649Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:39:06.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-063",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-063"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiNAC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.2",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.8",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.10",
                  "status": "affected",
                  "version": "9.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-15T13:59:23.207Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-063",
              "url": "https://fortiguard.com/psirt/FG-IR-23-063"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.3 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-26206",
        "datePublished": "2024-02-15T13:59:23.207Z",
        "dateReserved": "2023-02-20T15:09:20.635Z",
        "dateUpdated": "2024-08-02T11:39:06.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33299 (GCVE-0-2023-33299)

    Vulnerability from cvelistv5 – Published: 2023-06-23 07:46 – Updated: 2024-10-23 14:25
    Summary
    A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note: FortiNAC versions 8.x will not be fixed.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiNAC Affected: 9.4.0 , ≤ 9.4.2 (semver)
    Affected: 9.2.0 , ≤ 9.2.7 (semver)
    Affected: 9.1.0 , ≤ 9.1.9 (semver)
    Affected: 8.8.0 , ≤ 8.8.11 (semver)
    Affected: 8.7.0 , ≤ 8.7.6 (semver)
    Affected: 8.6.0 , ≤ 8.6.5 (semver)
    Affected: 8.5.0 , ≤ 8.5.4 (semver)
    Affected: 8.3.7
    Affected: 7.2.0 , ≤ 7.2.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:36.130Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-074",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-074"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:19:07.431174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:25:53.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiNAC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.2",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.7",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.9",
                  "status": "affected",
                  "version": "9.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.11",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.6",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.5",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.4",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "8.3.7"
                },
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-23T07:46:37.499Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-074",
              "url": "https://fortiguard.com/psirt/FG-IR-23-074"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiNAC version 9.4.3 or above Please upgrade to FortiNAC version 9.2.8 or above Please upgrade to FortiNAC version 9.1.10 or above Please upgrade to FortiNAC version 7.2.2 or above "
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-33299",
        "datePublished": "2023-06-23T07:46:37.499Z",
        "dateReserved": "2023-05-22T07:58:22.196Z",
        "dateUpdated": "2024-10-23T14:25:53.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202112-0525

    Vulnerability from variot - Updated: 2024-11-23 22:32

    An incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data. FortiNAC contains a vulnerability in improper permission assignment for critical resources. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that could allow an authenticated attacker to access sensitive system data, thereby elevating the privileges of an authenticated user to administrator.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0525",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.10"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.4"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.1.3  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.2.0  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.8.9  and earlier"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43065"
          }
        ]
      },
      "cve": "CVE-2021-43065",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-43065",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-404115",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-43065",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-015921",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-43065",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-43065",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-43065",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202112-524",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-404115",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43065"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43065"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. FortiNAC Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that could allow an authenticated attacker to access sensitive system data, thereby elevating the authority of an authenticated user to an administrator",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43065"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          },
          {
            "db": "VULHUB",
            "id": "VHN-404115"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-43065",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-524",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4151",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021120719",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-102801",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-404115",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43065"
          }
        ]
      },
      "id": "VAR-202112-0525",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404115"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:32:59.482000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-21-178",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-21-178"
          },
          {
            "title": "Fortinet FortiNAC Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173979"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.1
          },
          {
            "problemtype": "Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43065"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://github.com/orangecertcc/security-research/security/advisories/ghsa-8wx4-g5p9-348h"
          },
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-21-178"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43065"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021120719"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4151"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43065"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-404115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43065"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-404115"
          },
          {
            "date": "2022-12-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          },
          {
            "date": "2021-12-09T10:15:11.847000",
            "db": "NVD",
            "id": "CVE-2021-43065"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-404115"
          },
          {
            "date": "2022-12-02T07:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          },
          {
            "date": "2022-08-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          },
          {
            "date": "2024-11-21T06:28:37.820000",
            "db": "NVD",
            "id": "CVE-2021-43065"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "FortiNAC\u00a0 Vulnerability in improper permission assignment for critical resources in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015921"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-524"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202205-0408

    Vulnerability from variot - Updated: 2024-11-23 22:32

    Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters. FortiNAC contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC versions 8.3.7 to 9.2.2 have a SQL injection vulnerability that stems from insufficient sanitization of user-supplied data. The vulnerability could be exploited by a remote user to send a specially crafted request to an affected application to execute arbitrary SQL commands in the application database.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0408",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.2"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.2"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.5"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.11"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.2"
          },
          {
            "model": "fortinac",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26116"
          }
        ]
      },
      "cve": "CVE-2022-26116",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2022-26116",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-416877",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-26116",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2022-26116",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-26116",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-26116",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2022-26116",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-26116",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202205-2037",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-416877",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-26116",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-416877"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-26116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26116"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26116"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple improper neutralization of special elements used in SQL commands (\u0027SQL Injection\u0027) vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. FortiNAC for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC versions 8.3.7 to 9.2.2 have a SQL injection vulnerability that stems from insufficient sanitization of user-supplied data. The vulnerability could be exploited by a remote user to send a specially crafted request to an affected application to execute arbitrary SQL commands in the application database. SQL commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-26116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          },
          {
            "db": "VULHUB",
            "id": "VHN-416877"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-26116"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-26116",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2022050319",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2037",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-50944",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-416877",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-26116",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-416877"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-26116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26116"
          }
        ]
      },
      "id": "VAR-202205-0408",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-416877"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:32:49.026000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-062",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-22-062"
          },
          {
            "title": "Fortinet FortiNAC SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193411"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-416877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26116"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-062"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022050319"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-26116/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-416877"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-26116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26116"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-416877"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-26116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26116"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-416877"
          },
          {
            "date": "2022-05-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-26116"
          },
          {
            "date": "2023-08-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "date": "2022-05-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          },
          {
            "date": "2022-05-11T08:15:06.687000",
            "db": "NVD",
            "id": "CVE-2022-26116"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-416877"
          },
          {
            "date": "2022-05-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-26116"
          },
          {
            "date": "2023-08-22T06:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          },
          {
            "date": "2022-05-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          },
          {
            "date": "2024-11-21T06:53:27.763000",
            "db": "NVD",
            "id": "CVE-2022-26116"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "FortiNAC\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011444"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2037"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202009-0095

    Vulnerability from variot - Updated: 2024-11-23 22:25

    An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the UserID of Admin Users. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. FortiNAC 8.7.2 and earlier versions have cross-site scripting vulnerabilities.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0095",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.3"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12816"
          }
        ]
      },
      "cve": "CVE-2020-12816",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-12816",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-165532",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-12816",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12816",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202009-1378",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-165532",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12816"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortiNAC 8.7.2 and earlier versions have cross-site scripting vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          },
          {
            "db": "VULHUB",
            "id": "VHN-165532"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12816",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3261",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57049",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-165532",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12816"
          }
        ]
      },
      "id": "VAR-202009-0095",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165532"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:25:22.731000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129749"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165532"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12816"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-20-002"
          },
          {
            "trust": 1.6,
            "url": "https://www.fortiguard.com/psirt/fg-ir-20-002"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3261/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12816"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12816"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-165532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12816"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-165532"
          },
          {
            "date": "2020-09-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          },
          {
            "date": "2020-09-24T15:15:13.093000",
            "db": "NVD",
            "id": "CVE-2020-12816"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-165532"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          },
          {
            "date": "2024-11-21T05:00:19.927000",
            "db": "NVD",
            "id": "CVE-2020-12816"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fortinet FortiNAC Cross-site scripting vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1378"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0099

    Vulnerability from variot - Updated: 2024-11-23 22:21

    An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. The admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0099",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.6"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fortinet",
            "version": "8.3.0 to  8.3.6"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.3.0,\u003c=8.3.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.3.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.3.4"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.3.3"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.3.2"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.3.1"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.3"
          },
          {
            "model": "fortinac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.5.1"
          },
          {
            "model": "fortinac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.3.7"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "db": "BID",
            "id": "109302"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5594"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fortinet:fortinac",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Johnatan Camargo from PBI | Dynamic IT Security.",
        "sources": [
          {
            "db": "BID",
            "id": "109302"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-5594",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-5594",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-22380",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-157029",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5594",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5594",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5594",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-22380",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-985",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-157029",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5594"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nThe admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nFortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          },
          {
            "db": "BID",
            "id": "109302"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157029"
          }
        ],
        "trust": 3.06
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5594",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "109302",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2651",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-157029",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157029"
          },
          {
            "db": "BID",
            "id": "109302"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5594"
          }
        ]
      },
      "id": "VAR-201908-0099",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157029"
          }
        ],
        "trust": 0.06999999999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:21:33.758000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-19-140",
            "trust": 0.8,
            "url": "https://fortiguard.com/psirt/FG-IR-19-140"
          },
          {
            "title": "Patch for Fortinet FortiNAC cross-site scripting vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/213611"
          },
          {
            "title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95287"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5594"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5594"
          },
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-19-140"
          },
          {
            "trust": 0.9,
            "url": "http://www.fortinet.com/"
          },
          {
            "trust": 0.9,
            "url": "https://fortiguard.com/psirt/fg-ir-19-140"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5594"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2651/"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityfocus.com/bid/109302"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157029"
          },
          {
            "db": "BID",
            "id": "109302"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5594"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157029"
          },
          {
            "db": "BID",
            "id": "109302"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5594"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "date": "2019-08-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-157029"
          },
          {
            "date": "2019-07-16T00:00:00",
            "db": "BID",
            "id": "109302"
          },
          {
            "date": "2019-08-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "date": "2019-07-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          },
          {
            "date": "2019-08-23T21:15:12.130000",
            "db": "NVD",
            "id": "CVE-2019-5594"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "date": "2019-08-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-157029"
          },
          {
            "date": "2019-07-16T00:00:00",
            "db": "BID",
            "id": "109302"
          },
          {
            "date": "2019-08-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008217"
          },
          {
            "date": "2019-08-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          },
          {
            "date": "2024-11-21T04:45:11.907000",
            "db": "NVD",
            "id": "CVE-2019-5594"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fortinet FortiNAC cross-site scripting vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22380"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-985"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0384

    Vulnerability from variot - Updated: 2024-11-23 21:50

    A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate privileges to root via the sudo command. FortiNAC contains an unspecified vulnerability: information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution from Fortinet, mainly used for network access control and IoT security protection. Fortinet FortiNAC 8.8.8 and earlier versions and 9.1.2 and earlier versions have security vulnerabilities.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0384",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.1"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.3"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.4"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.2"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.8"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.1"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.2"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.7"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.1.2  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.8.8  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41021"
          }
        ]
      },
      "cve": "CVE-2021-41021",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-41021",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-402293",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2021-41021",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-41021",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-41021",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-41021",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-41021",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-41021",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202112-696",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-402293",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402293"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41021"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41021"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. FortiNAC Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC 8.8.8 and earlier versions and 9.1.2 and earlier versions have security vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-41021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          },
          {
            "db": "VULHUB",
            "id": "VHN-402293"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-41021",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-696",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-19076",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-402293",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402293"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41021"
          }
        ]
      },
      "id": "VAR-202112-0384",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402293"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:50:50.739000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-21-182",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-21-182"
          },
          {
            "title": "Fortinet FortiNAC Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174991"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-269",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402293"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41021"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-21-182"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41021"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402293"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41021"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-402293"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41021"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-402293"
          },
          {
            "date": "2022-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          },
          {
            "date": "2021-12-08T18:15:18.547000",
            "db": "NVD",
            "id": "CVE-2021-41021"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-402293"
          },
          {
            "date": "2022-12-05T07:57:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          },
          {
            "date": "2022-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          },
          {
            "date": "2024-11-21T06:25:16.950000",
            "db": "NVD",
            "id": "CVE-2021-41021"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "FortiNAC\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016056"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-696"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-1299

    Vulnerability from variot - Updated: 2024-08-14 15:37

    An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted input parameters. Fortinet's FortiNAC contains a vulnerability involving the insertion or modification of arguments: information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution developed by Fortinet, mainly used for network access control and IoT security protection. The vulnerability stems from improper neutralization of parameters. The following versions are affected: 9.4.0, 9.2.0 to 9.2.5, 9.1.0 to 9.1.7, 8.8.0 to 8.8.11, 8.7.0 to 8.7.6, 8.6.0 to 8.6.5, 8.5.0 to 8.5.4, and 8.3.7.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1299",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.7"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.5"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.11"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.2.0  to  9.2.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.7.0  to  8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.1.0  to  9.1.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.8.0  to  8.8.11"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40677"
          }
        ]
      },
      "cve": "CVE-2022-40677",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-40677",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2022-40677",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-40677",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-40677",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2022-40677",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-40677",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-1432",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40677"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40677"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. fortinet\u0027s FortiNAC Exists in a vulnerability in inserting or modifying arguments.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from improper neutralization of parameters. The following versions are affected: 9.4.0, 9.2.0 to 9.2.5, 9.1.0 to 9.1.7, 8.8.0 to 8.8.11, 8.7.0 to 8.7.6, Version 8.6.0 to version 8.6.5, version 8.5.0 to version 8.5.4, version 8.3.7",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          },
          {
            "db": "VULHUB",
            "id": "VHN-436490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40677"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-40677",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1432",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-436490",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40677",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40677"
          }
        ]
      },
      "id": "VAR-202302-1299",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436490"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T15:37:08.480000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-280",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-22-280"
          },
          {
            "title": "Fortinet FortiNAC Repair measures for parameter injection vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226974"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-88",
            "trust": 1.1
          },
          {
            "problemtype": "Insert or change arguments (CWE-88) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40677"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-280"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40677"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-40677/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40677"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-436490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40677"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-436490"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40677"
          },
          {
            "date": "2023-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          },
          {
            "date": "2023-02-16T19:15:13.250000",
            "db": "NVD",
            "id": "CVE-2022-40677"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-436490"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40677"
          },
          {
            "date": "2023-10-30T01:06:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          },
          {
            "date": "2023-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          },
          {
            "date": "2023-11-07T03:52:34.873000",
            "db": "NVD",
            "id": "CVE-2022-40677"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability in inserting or changing arguments in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019899"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "parameter injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1432"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-1445

    Vulnerability from variot - Updated: 2024-08-14 15:32

    Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. Fortinet's FortiNAC and FortiNAC-F contain unspecified vulnerabilities. Information may be obtained and tampered with.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1445",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.2"
          },
          {
            "model": "fortinac-f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "7.2.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.7"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac-f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "7.2.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "-f 7.2.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.7  to  9.2.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.0  that\u0027s all  9.4.2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40675"
          }
        ]
      },
      "cve": "CVE-2022-40675",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2022-40675",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-40675",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-40675",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-40675",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2022-40675",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-40675",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-1433",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1433"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40675"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40675"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. fortinet\u0027s FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40675"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "db": "VULHUB",
            "id": "VHN-436488"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40675"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-40675",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1433",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-436488",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40675",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436488"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40675"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1433"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40675"
          }
        ]
      },
      "id": "VAR-202302-1445",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436488"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T15:32:14.414000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-312",
            "trust": 0.8,
            "url": "https://fortiguard.com/psirt/FG-IR-22-312"
          },
          {
            "title": "Fortinet FortiNAC Fixes for encryption problem vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226803"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1433"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-327",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436488"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40675"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-312"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40675"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-40675/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436488"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40675"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1433"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40675"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-436488"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40675"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1433"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40675"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-436488"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40675"
          },
          {
            "date": "2023-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1433"
          },
          {
            "date": "2023-02-16T19:15:13.187000",
            "db": "NVD",
            "id": "CVE-2022-40675"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-436488"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40675"
          },
          {
            "date": "2023-10-30T05:48:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          },
          {
            "date": "2023-02-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1433"
          },
          {
            "date": "2023-11-07T03:52:34.577000",
            "db": "NVD",
            "id": "CVE-2022-40675"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1433"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 and \u00a0FortiNAC-F\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004412"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1433"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-1417

    Vulnerability from variot - Updated: 2024-08-14 15:26

    Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in the Fortinet FortiNAC portal UI before 9.4.1 allow an attacker to perform an XSS attack via crafted HTTP requests. Fortinet's FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1417",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.2"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  that\u0027s all  9.4.2"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38376"
          }
        ]
      },
      "cve": "CVE-2022-38376",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-38376",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2022-38376",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-38376",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2022-38376",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-38376",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-1439",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1439"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38376"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38376"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to\u00a0perform an XSS attack via crafted HTTP requests. fortinet\u0027s FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-38376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "db": "VULHUB",
            "id": "VHN-434170"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38376"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-38376",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1439",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-434170",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38376",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-434170"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1439"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38376"
          }
        ]
      },
      "id": "VAR-202302-1417",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-434170"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T15:26:48.076000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-273",
            "trust": 0.8,
            "url": "https://fortiguard.com/psirt/FG-IR-22-273"
          },
          {
            "title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226808"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1439"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-434170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38376"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-273"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38376"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-38376/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-434170"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1439"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38376"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-434170"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1439"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38376"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-434170"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-38376"
          },
          {
            "date": "2023-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1439"
          },
          {
            "date": "2023-02-16T19:15:12.860000",
            "db": "NVD",
            "id": "CVE-2022-38376"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-434170"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-38376"
          },
          {
            "date": "2023-10-30T07:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          },
          {
            "date": "2023-02-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1439"
          },
          {
            "date": "2023-11-07T03:50:06.630000",
            "db": "NVD",
            "id": "CVE-2022-38376"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1439"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004466"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1439"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202207-0114

    Vulnerability from variot - Updated: 2024-08-14 15:21

    An empty password in configuration file vulnerability [CWE-258] in FortiNAC versions 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirement vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution from Fortinet, used mainly for network access control and IoT security protection. The vulnerability stems from the fact that the root account used to access the MySQL database has no password set by default and accepts connections from localhost. An attacker can exploit this vulnerability to connect to the MySQL database as root.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0114",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.4"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.2"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.2"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.11"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.6"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.8.11  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.1.5  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.7.6  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.2.3  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.7  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.2  and earlier"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.5  and earlier"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26117"
          }
        ]
      },
      "cve": "CVE-2022-26117",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-26117",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-015258",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-26117",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2022-26117",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-015258",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202207-383",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26117"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26117"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirement vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from the fact that the root account accessing the MySQL database does not have a password set by default and allows connections from localhost. An attacker exploited this vulnerability to connect to a MySQL database as root. There is a security vulnerability in Fortinet FortiNAC",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-26117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          },
          {
            "db": "VULHUB",
            "id": "VHN-416878"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-26117",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-383",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3268",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070529",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-416878",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-416878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26117"
          }
        ]
      },
      "id": "VAR-202207-0114",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-416878"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T15:21:45.915000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-058",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-22-058"
          },
          {
            "title": "Fortinet FortiNAC Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=201341"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-521",
            "trust": 1.1
          },
          {
            "problemtype": "Weak password request (CWE-521) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-416878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26117"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/psirt/fg-ir-22-058"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/orangecertcc/security-research/security/advisories/ghsa-r259-5p5p-2q47"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26117"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-26117/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070529"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3268"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-416878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26117"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-416878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26117"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-416878"
          },
          {
            "date": "2023-09-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "date": "2022-07-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          },
          {
            "date": "2022-07-18T18:15:09.017000",
            "db": "NVD",
            "id": "CVE-2022-26117"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-416878"
          },
          {
            "date": "2023-09-26T05:07:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          },
          {
            "date": "2023-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          },
          {
            "date": "2023-02-16T19:28:48.090000",
            "db": "NVD",
            "id": "CVE-2022-26117"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "FortiNAC\u00a0 Vulnerability in requesting weak passwords in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015258"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-383"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-1327

    Vulnerability from variot - Updated: 2024-08-14 15:11

    Several improper neutralization of input during web page generation vulnerabilities [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. Fortinet's FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1327",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.7"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.9"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.1"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.11"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.2.0  to  9.2.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.1.0  to  9.1.9"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.7.0  to  8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.1"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.8.0  to  8.8.11"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22638"
          }
        ]
      },
      "cve": "CVE-2023-22638",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2023-22638",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-22638",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2023-22638",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-22638",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-22638",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-22638",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-1424",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22638"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22638"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC  9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. fortinet\u0027s FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-22638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-450600"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22638"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-22638",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.1053",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1424",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-450600",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22638",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-450600"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22638"
          }
        ]
      },
      "id": "VAR-202302-1327",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-450600"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T15:11:01.538000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-260",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-22-260"
          },
          {
            "title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226968"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-450600"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22638"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-260"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22638"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.1053"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-22638/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-450600"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22638"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-450600"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22638"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-450600"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-22638"
          },
          {
            "date": "2023-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          },
          {
            "date": "2023-02-16T19:15:13.977000",
            "db": "NVD",
            "id": "CVE-2023-22638"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-450600"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-22638"
          },
          {
            "date": "2023-10-30T01:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          },
          {
            "date": "2023-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          },
          {
            "date": "2023-11-07T04:07:11.260000",
            "db": "NVD",
            "id": "CVE-2023-22638"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004331"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1424"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-1269

    Vulnerability from variot - Updated: 2024-08-14 14:30

    An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. Fortinet's FortiNAC and FortiNAC-F contain an unspecified vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1269",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.7"
          },
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.2"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac-f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "7.2.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "-f 7.2.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.2.0  that\u0027s all  9.2.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.0  that\u0027s all  9.4.2"
          },
          {
            "model": "fortinac-f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "7.2.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38375"
          }
        ]
      },
      "cve": "CVE-2022-38375",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-38375",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-38375",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-38375",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-38375",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2022-38375",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-38375",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-1440",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1440"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38375"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38375"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper authorization vulnerability [CWE-285]\u00a0 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. fortinet\u0027s FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-38375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "db": "VULHUB",
            "id": "VHN-434169"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38375"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-38375",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1440",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-434169",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38375",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-434169"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1440"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38375"
          }
        ]
      },
      "id": "VAR-202302-1269",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-434169"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T14:30:44.572000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-329",
            "trust": 0.8,
            "url": "https://fortiguard.com/psirt/FG-IR-22-329"
          },
          {
            "title": "Fortinet FortiNAC Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226809"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1440"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-285",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-863",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-434169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38375"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-329"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38375"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-38375/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-434169"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1440"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38375"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-434169"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-38375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1440"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-38375"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-434169"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-38375"
          },
          {
            "date": "2023-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1440"
          },
          {
            "date": "2023-02-16T19:15:12.797000",
            "db": "NVD",
            "id": "CVE-2022-38375"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-434169"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-38375"
          },
          {
            "date": "2023-10-30T07:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          },
          {
            "date": "2023-02-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1440"
          },
          {
            "date": "2023-11-07T03:50:06.460000",
            "db": "NVD",
            "id": "CVE-2022-38375"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1440"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 and \u00a0FortiNAC-F\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004465"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1440"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-1353

    Vulnerability from variot - Updated: 2024-08-14 14:30

    An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. Fortinet's FortiNAC and FortiNAC-F contain an XML external entity vulnerability. Information may be obtained, and the service may be put into a denial-of-service (DoS) state.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1353",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.2"
          },
          {
            "model": "fortinac-f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "7.2.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.7"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac-f",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39954"
          }
        ]
      },
      "cve": "CVE-2022-39954",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-39954",
                "impactScore": 5.2,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-39954",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-39954",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-39954",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2022-39954",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-39954",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-1435",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1435"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39954"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39954"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. fortinet\u0027s FortiNAC and FortiNAC-F for, XML There is a vulnerability in an external entity.Information is obtained and service operation is interrupted (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-39954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "db": "VULHUB",
            "id": "VHN-435751"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39954"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-39954",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.1054",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1435",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-435751",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39954",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-435751"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1435"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39954"
          }
        ]
      },
      "id": "VAR-202302-1353",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-435751"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T14:30:44.521000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-304",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-22-304"
          },
          {
            "title": "Fortinet FortiNAC Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226975"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1435"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-611",
            "trust": 1.1
          },
          {
            "problemtype": "XML Improper restriction of external entity references (CWE-611) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-435751"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39954"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-304"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-39954"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-39954/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.1054"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-435751"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1435"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39954"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-435751"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1435"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39954"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-435751"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-39954"
          },
          {
            "date": "2023-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1435"
          },
          {
            "date": "2023-02-16T19:15:13.120000",
            "db": "NVD",
            "id": "CVE-2022-39954"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-435751"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-39954"
          },
          {
            "date": "2023-10-30T01:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          },
          {
            "date": "2023-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1435"
          },
          {
            "date": "2023-11-07T03:50:41.493000",
            "db": "NVD",
            "id": "CVE-2022-39954"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1435"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 and \u00a0FortiNAC-F\u00a0 In \u00a0XML\u00a0 External entity vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019900"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1435"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-1271

    Vulnerability from variot - Updated: 2024-08-14 14:10

    An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request. Fortinet's FortiNAC contains a vulnerability related to the leakage of resources to the wrong area. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1271",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.1"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.6"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.8"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.9"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.0  that\u0027s all  9.4.1"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.7  to  8.8.9"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.1.0  that\u0027s all  9.1.8"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.2.0  that\u0027s all  9.2.6"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39952"
          }
        ]
      },
      "cve": "CVE-2022-39952",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-39952",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-39952",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-39952",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2022-39952",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-39952",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-1434",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1434"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39952"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39952"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. fortinet\u0027s FortiNAC Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-39952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "db": "VULHUB",
            "id": "VHN-435749"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39952"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-39952",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1434",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-435749",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39952",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-435749"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1434"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39952"
          }
        ]
      },
      "id": "VAR-202302-1271",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-435749"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T14:10:18.628000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-300",
            "trust": 0.8,
            "url": "https://fortiguard.com/psirt/FG-IR-22-300"
          },
          {
            "title": "Fortinet FortiNAC Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226804"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Florian-R0th/CVE-2022-39952 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-39952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1434"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-73",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-668",
            "trust": 1.0
          },
          {
            "problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-610",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-435749"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39952"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-300"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-39952"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-39952/"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/florian-r0th/cve-2022-39952"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-435749"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1434"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39952"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-435749"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1434"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39952"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-435749"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-39952"
          },
          {
            "date": "2023-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1434"
          },
          {
            "date": "2023-02-16T19:15:13.060000",
            "db": "NVD",
            "id": "CVE-2022-39952"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-435749"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-39952"
          },
          {
            "date": "2023-10-30T06:18:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          },
          {
            "date": "2023-02-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1434"
          },
          {
            "date": "2023-11-07T03:50:41.250000",
            "db": "NVD",
            "id": "CVE-2022-39952"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1434"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability in leaking resources to the wrong area in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-004446"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1434"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-1489

    Vulnerability from variot - Updated: 2024-08-14 13:42

    An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. Fortinet's FortiNAC contains an inadequate protection of credentials vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability, which stems from. The following versions are affected: versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1489",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.7"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.5"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.11"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.2.0  to  9.2.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.7.0  to  8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.1.0  to  9.1.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.8.0  to  8.8.11"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40678"
          }
        ]
      },
      "cve": "CVE-2022-40678",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-40678",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.4,
                "id": "CVE-2022-40678",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-40678",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-40678",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2022-40678",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-40678",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-1431",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40678"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40678"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. fortinet\u0027s FortiNAC There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability, which stems from. The following versions are affected: versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0through 8.5.4, 8.3.7",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          },
          {
            "db": "VULHUB",
            "id": "VHN-436491"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40678"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-40678",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1431",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-436491",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40678",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436491"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40678"
          }
        ]
      },
      "id": "VAR-202302-1489",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436491"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:42:03.849000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-265",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-22-265"
          },
          {
            "title": "Fortinet FortiNAC Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226973"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.1
          },
          {
            "problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40678"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-265"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40678"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-40678/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-436491"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40678"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-436491"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40678"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-436491"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40678"
          },
          {
            "date": "2023-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          },
          {
            "date": "2023-02-16T19:15:13.313000",
            "db": "NVD",
            "id": "CVE-2022-40678"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-436491"
          },
          {
            "date": "2023-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40678"
          },
          {
            "date": "2023-10-30T01:32:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          },
          {
            "date": "2023-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          },
          {
            "date": "2023-11-07T03:52:34.990000",
            "db": "NVD",
            "id": "CVE-2022-40678"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability regarding insufficient protection of authentication information in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019906"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-1431"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202105-0663

    Vulnerability from variot - Updated: 2024-08-14 12:07

    A privilege escalation vulnerability in FortiNAC versions below 8.8.2 may allow an admin user to escalate privileges to root by abusing the sudo privileges. FortiNAC contains a privilege management vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. FortiNAC has vulnerabilities involving permissions and access control issues. The vulnerabilities stem from the incorrect application of security restrictions. This vulnerability allows remote users to elevate privileges on the system. The following products and versions are affected: FortiNAC: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.7.0, 8.7.1, 8.7.2, 8.7.4, 8.7.5, 8.7.6, 8.8.0, 8.8.1. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202105-0663",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.2"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.8.2"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-24011"
          }
        ]
      },
      "cve": "CVE-2021-24011",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-24011",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-382729",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-24011",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-24011",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-24011",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-24011",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-24011",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-24011",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202105-180",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-382729",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-24011",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-382729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-24011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-24011"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-24011"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. FortiNAC Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortiNAC has vulnerabilities in permissions and access control issues. The vulnerabilities stem from the incorrect application of security restrictions. This vulnerability allows remote users to elevate privileges on the system. The following products and versions are affected: FortiNAC: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.5.0, 8.5.1, 8.5 .2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.7.0, 8.7.1, 8.7.2, 8.7.4 , 8.7.5, 8.7.6, 8.8.0, 8.8.1. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-24011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULHUB",
            "id": "VHN-382729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-24011"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-24011",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1510",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021050506",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-180",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-382729",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-24011",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-382729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-24011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-24011"
          }
        ]
      },
      "id": "VAR-202105-0663",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-382729"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T12:07:14.793000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-20-038",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-20-038"
          },
          {
            "title": "Fortinet FortiNAC Fixes for permissions and access control issues vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151200"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-24011"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/advisory/fg-ir-20-038"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-24011"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1510"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021050506"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/269.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-382729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-24011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-24011"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-382729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-24011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-24011"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-05-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-382729"
          },
          {
            "date": "2021-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-24011"
          },
          {
            "date": "2022-01-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "date": "2021-05-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-05-10T12:15:07.640000",
            "db": "NVD",
            "id": "CVE-2021-24011"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-382729"
          },
          {
            "date": "2021-05-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-24011"
          },
          {
            "date": "2022-01-20T07:25:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          },
          {
            "date": "2022-05-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2022-05-03T16:04:40.443000",
            "db": "NVD",
            "id": "CVE-2021-24011"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "FortiNAC\u00a0 Vulnerability in privilege management",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006797"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-180"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202303-0444

    Vulnerability from variot - Updated: 2023-11-07 22:54

    An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. Fortinet's FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202303-0444",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.11"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.5"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.8"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.7.0  to  8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.1.0  to  9.1.8"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.2.0  to  9.2.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.8.0  to  8.8.11"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40676"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.6.5",
                    "versionStartIncluding": "8.6.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.11",
                    "versionStartIncluding": "8.8.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.7.6",
                    "versionStartIncluding": "8.7.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.2.5",
                    "versionStartIncluding": "9.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.5.4",
                    "versionStartIncluding": "8.5.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.1.8",
                    "versionStartIncluding": "9.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40676"
          }
        ]
      },
      "cve": "CVE-2022-40676",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2022-40676",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2022-40676",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-40676",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202303-493",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40676"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. fortinet\u0027s FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40676"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-40676",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-493",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40676",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-40676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40676"
          }
        ]
      },
      "id": "VAR-202303-0444",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.1625
      },
      "last_update_date": "2023-11-07T22:54:39.500000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-281",
            "trust": 0.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-281"
          },
          {
            "title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229004"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40676"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/psirt/fg-ir-22-281"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40676"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-40676/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-40676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40676"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-40676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40676"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40676"
          },
          {
            "date": "2023-11-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "date": "2023-03-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          },
          {
            "date": "2023-03-07T17:15:00",
            "db": "NVD",
            "id": "CVE-2022-40676"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40676"
          },
          {
            "date": "2023-11-06T07:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          },
          {
            "date": "2023-03-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          },
          {
            "date": "2023-03-14T15:29:00",
            "db": "NVD",
            "id": "CVE-2022-40676"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020657"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-493"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202303-0336

    Vulnerability from variot - Updated: 2023-11-07 22:26

    An improper privilege management vulnerability in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.6, 9.1.0 through 9.1.8, all versions of 8.8, 8.7, 8.6 and 8.5, and version 8.3.7 allows an attacker to escalate privileges via specially crafted commands. Fortinet's FortiNAC contains a permission management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from improper privilege management.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202303-0336",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.11"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.1"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.6"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.8"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.7.0  to  8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.1.0  to  9.1.8"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.4.1"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "9.2.0  to  9.2.6"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.8.0  to  8.8.11"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39953"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.6.5",
                    "versionStartIncluding": "8.6.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.11",
                    "versionStartIncluding": "8.8.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.7.6",
                    "versionStartIncluding": "8.7.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.5.4",
                    "versionStartIncluding": "8.5.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.1.8",
                    "versionStartIncluding": "9.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.2.6",
                    "versionStartIncluding": "9.2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-39953"
          }
        ]
      },
      "cve": "CVE-2022-39953",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-39953",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-39953",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-39953",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202303-495",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39953"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands. fortinet\u0027s FortiNAC Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from improper privilege management",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-39953"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39953"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-39953",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-495",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-39953",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-39953"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39953"
          }
        ]
      },
      "id": "VAR-202303-0336",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.1625
      },
      "last_update_date": "2023-11-07T22:26:46.528000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-22-309",
            "trust": 0.8,
            "url": "https://fortiguard.com/psirt/fg-ir-22-309"
          },
          {
            "title": "Fortinet FortiNAC Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229005"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.0
          },
          {
            "problemtype": "Improper authority management (CWE-269) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39953"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/psirt/fg-ir-22-309"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-39953"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-39953/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-39953"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39953"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-39953"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39953"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-39953"
          },
          {
            "date": "2023-11-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "date": "2023-03-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          },
          {
            "date": "2023-03-07T17:15:00",
            "db": "NVD",
            "id": "CVE-2022-39953"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-39953"
          },
          {
            "date": "2023-11-06T07:34:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          },
          {
            "date": "2023-03-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          },
          {
            "date": "2023-03-14T15:51:00",
            "db": "NVD",
            "id": "CVE-2022-39953"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability in privilege management in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020658"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-495"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202306-1795

    Vulnerability from variot - Updated: 2023-07-04 22:27

    A deserialization of untrusted data vulnerability in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note: FortiNAC versions 8.x will not be fixed. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202306-1795",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.1.9"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.2"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.11"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.2.7"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.8.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "7.2.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "7.2.1"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.0"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.7.6"
          },
          {
            "model": "fortinac",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortinac",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.7"
          },
          {
            "model": "fortinac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "9.4.1"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-33299"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.6.5",
                    "versionStartIncluding": "8.6.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.11",
                    "versionStartIncluding": "8.8.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.7.6",
                    "versionStartIncluding": "8.7.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.5.4",
                    "versionStartIncluding": "8.5.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.2.7",
                    "versionStartIncluding": "9.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.1.9",
                    "versionStartIncluding": "9.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:7.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-33299"
          }
        ]
      },
      "cve": "CVE-2023-33299",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-33299",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-33299",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202306-1663",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-33299"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-33299"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-33299"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-33299",
            "trust": 1.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3637",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-33299",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-33299"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33299"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ]
      },
      "id": "VAR-202306-1795",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.1625
      },
      "last_update_date": "2023-07-04T22:27:30.586000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fortinet FortiNAC Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=244239"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-33299"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/psirt/fg-ir-23-074"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3637"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-33299/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-33299"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33299"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-33299"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33299"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-33299"
          },
          {
            "date": "2023-06-23T08:15:00",
            "db": "NVD",
            "id": "CVE-2023-33299"
          },
          {
            "date": "2023-06-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-33299"
          },
          {
            "date": "2023-07-03T18:59:00",
            "db": "NVD",
            "id": "CVE-2023-33299"
          },
          {
            "date": "2023-07-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fortinet FortiNAC Code problem vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1663"
          }
        ],
        "trust": 0.6
      }
    }