CRITICAL🇬🇧 English

CVE-2022-38375

CVSS 9.1v3.1pub. 2023-02-16upd. 2024-11-21

An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Fortinet Fortinac

    APP
    Fortinet
    9.2.0 – 9.2.7 (bez)9.4.0 – 9.4.2 (bez)
  • Fortinet Fortinac F

    APP
    Fortinet
    < 7.2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2023-33299CRITICAL9.8ten sam produkt

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier...

CVE-2022-39952CRITICAL9.8ten sam produkt

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 throug...

CVE-2022-39946HIGH7.6ten sam produkt

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 al...

CVE-2023-22633HIGH7.5ten sam produkt

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC...