Improper Certificate Validation in FortiNAC-F by Fortinet
CVE-2023-48785

4.4 MEDIUM

Key Information:

Vendor: Fortinet
CVE Published: 14 March 2025

Summary

An improper certificate validation issue in FortiNAC-F versions up to 7.2.4 could allow a remote, unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between FortiOS devices and FortiNAC-F, potentially compromising the confidentiality and integrity of the data transmitted over that channel. Organizations are urged to assess their systems and apply necessary updates to mitigate this risk.

Affected Version(s)

FortiNAC-F 7.2.0 <= 7.2.4

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
