HIGH🇬🇧 English

CVE-2022-39946

CVSS 7.6v3.1pub. 2023-06-13upd. 2024-11-21

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
  • Fortinet Fortinac

    APP
    Fortinet
    9.4.09.4.19.4.28.8.0 – 8.8.118.5.0 – 8.5.49.2.0 – 9.2.89.1.0 – 9.1.108.6.0 – 8.6.58.7.0 – 8.7.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-33299CRITICAL9.8ten sam produkt

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier...

CVE-2022-38375CRITICAL9.1ten sam produkt

An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before...

CVE-2022-39952CRITICAL9.8ten sam produkt

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 throug...

CVE-2023-22633HIGH7.5ten sam produkt

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC...

CVE-2022-40676HIGH7.5ten sam produkt

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC ve...