Improper Certificate Validation in FortiNAC-F by Fortinet
CVE-2023-48785

4.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinac-f
Vendor: CVE Published:; 14 March 2025

What is CVE-2023-48785?

An improper certificate validation issue in FortiNAC-F versions up to 7.2.4 could enable a remote, unauthenticated attacker to exploit this weakness. By manipulating HTTPS communications between FortiOS devices and FortiNAC-F, the attacker could conduct a Man-in-the-Middle attack, potentially compromising the confidentiality and integrity of the data transmitted across the network. Organizations are urged to assess their systems and apply necessary updates to mitigate this risk.

Affected Version(s)

FortiNAC-F 7.2.0 <= 7.2.4

References

https://fortiguard.com/psirt/FG-IR-23-288

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Nov 19, 2023