Improper Permissions and Access Control Vulnerability in FortiNAC by Fortinet
CVE-2023-22633
7.2HIGH
Summary
This vulnerability in FortiNAC products from Fortinet stems from improper permissions and access controls, which can be exploited by unauthenticated attackers. Attackers may leverage this weakness to launch a Denial of Service (DoS) attack against the affected devices through client-secure renegotiation. Multiple versions, including FortiNAC-F 7.2.0 and earlier, are susceptible, necessitating immediate attention and remediation to safeguard network security.
Affected Version(s)
FortiNAC 9.4.0 <= 9.4.1
FortiNAC 9.2.0 <= 9.2.6
FortiNAC 9.1.0 <= 9.1.8
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved