Cryptographic Issues in Fortinet FortiNAC Product Line
CVE-2022-40675

6MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinac
Vendor: CVE Published:; 16 February 2023

Summary

Certain cryptographic vulnerabilities in Fortinet FortiNAC versions allow attackers to potentially decrypt and manipulate protocol communication messages. This could lead to unauthorized access and data exposure, thereby compromising the integrity of the network communications. It's crucial for users of affected versions to apply necessary updates and patches to mitigate these risks.

Affected Version(s)

FortiNAC 9.4.0 <= 9.4.1

FortiNAC 9.2.0 <= 9.2.7

FortiNAC 9.1.0 <= 9.1.8

References

https://fortiguard.com/psirt/FG-IR-22-312

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Sep 14, 2022