Improper Authorization Vulnerability in Fortinet FortiNAC
CVE-2022-38375

8.6HIGH

Key Information:

Vendor: Fortinet
Status: Fortinac
Vendor: CVE Published:; 16 February 2023

Summary

An improper authorization vulnerability exists in Fortinet FortiNAC versions 9.4.0 through 9.4.1 and before 9.2.6. This flaw allows unauthenticated users to execute certain administrative operations on the FortiNAC instance through specially crafted HTTP POST requests. This could lead to unauthorized access and manipulation of sensitive configurations, posing a significant risk to the security posture of affected networks.

Affected Version(s)

FortiNAC 9.4.0 <= 9.4.1

FortiNAC 9.2.0 <= 9.2.6

References

https://fortiguard.com/psirt/FG-IR-22-329

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Aug 16, 2022