Improper Certificate Validation in FortiNAC-F by Fortinet
CVE-2023-48785
4.4 MEDIUM
Summary
An improper certificate validation issue in FortiNAC-F versions up to 7.2.4 could allow a remote, unauthenticated attacker to conduct a Man-in-the-Middle attack on the HTTPS communication channel between FortiOS devices and FortiNAC-F, potentially compromising the confidentiality and integrity of the data transmitted across the network. Organizations are urged to assess their systems and apply necessary updates to mitigate this risk.
Affected Version(s)
FortiNAC-F 7.2.0 <= 7.2.4
CVSS V3.1
Score: 4.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved