Search criteria
145 vulnerabilities found for FortiNAC by Fortinet
FKIE_CVE-2023-33300
Vulnerability from fkie_nvd - Published: 2025-03-14 16:15 - Updated: 2025-07-23 21:13
Severity ?
Summary
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-096 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37ADB462-4770-4BBA-B289-845758ECA31D",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAD3A27-5617-45F9-A870-D96A9193BA01",
"versionEndExcluding": "9.4.4",
"versionStartIncluding": "9.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando (\u0027inyecci\u00f3n de comando\u0027) en Fortinet FortiNAC 7.2.1 y anteriores, 9.4.3 y anteriores permite a un atacante un acceso limitado y no autorizado a archivos a trav\u00e9s de una solicitud espec\u00edficamente manipulada en el puerto de comunicaci\u00f3n entre servidores."
}
],
"id": "CVE-2023-33300",
"lastModified": "2025-07-23T21:13:27.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-03-14T16:15:27.203",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-096"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-31488
Vulnerability from fkie_nvd - Published: 2024-05-14 17:17 - Updated: 2025-01-21 21:47
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-24-040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-24-040 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E178BCE-6212-4C9F-BDED-090DA849F9C1",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13B96979-AB7A-426A-A6D8-16D6D2295233",
"versionEndExcluding": "9.4.5",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de entradas durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web [CWE-79] en FortiNAC versi\u00f3n 9.4.0 a 9.4.4, 9.2.0 a 9.2.8, 9.1.0 a 9.1.10, 8.8.0 a 8.8.11, 8.7.0 a 8.7.6, 7.2.0 a 7.2.3 pueden permitir que un atacante remoto autenticado realice un ataque de Cross Site Scripting (XSS) almacenado y reflejado a trav\u00e9s de solicitudes HTTP manipuladas."
}
],
"id": "CVE-2024-31488",
"lastModified": "2025-01-21T21:47:47.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:17:23.733",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-24-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-24-040"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-26206
Vulnerability from fkie_nvd - Published: 2024-02-15 14:15 - Updated: 2024-11-21 07:50
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-063 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-23-063 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72F09A9E-3804-43BE-95B8-67418FEF269E",
"versionEndIncluding": "9.1.10",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "225F8F74-D68C-444E-87E9-BC8AED05BB42",
"versionEndIncluding": "9.2.8",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "029D7D58-6515-42D5-8E9A-73845CCE15A8",
"versionEndIncluding": "9.4.2",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF5B4CF-5BF9-4852-BD4F-5A27FD17EDC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de la p\u00e1gina web (\u0027cross-site scripting\u0027) en Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 y 7.2.0 permite a un atacante para ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de los campos de nombre observados en los registros de auditor\u00eda de pol\u00edticas."
}
],
"id": "CVE-2023-26206",
"lastModified": "2024-11-21T07:50:54.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-15T14:15:44.597",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-063"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
CVE-2023-33300 (GCVE-0-2023-33300)
Vulnerability from cvelistv5 – Published: 2025-03-14 15:46 – Updated: 2025-03-14 17:24
VLAI?
Summary
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port.
Severity ?
CWE
- CWE-77 - Improper access control
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T17:20:10.717955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T17:24:11.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.3",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:46:48.352Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-096",
"url": "https://fortiguard.com/psirt/FG-IR-23-096"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-33300",
"datePublished": "2025-03-14T15:46:48.352Z",
"dateReserved": "2023-05-22T07:58:22.196Z",
"dateUpdated": "2025-03-14T17:24:11.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31488 (GCVE-0-2024-31488)
Vulnerability from cvelistv5 – Published: 2024-05-14 16:19 – Updated: 2025-12-16 18:13
VLAI?
Summary
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.3",
"status": "affected",
"version": "9.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "9.2.8",
"status": "affected",
"version": "9.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "9.1..10",
"status": "affected",
"version": "9.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:23.122383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:13:18.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-040",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-24-040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.3",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.8",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.10",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T16:19:08.151Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-040",
"url": "https://fortiguard.com/psirt/FG-IR-24-040"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.5 or above \nPlease upgrade to FortiNAC version 7.4.0 or above \nPlease upgrade to FortiNAC version 7.2.4 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-31488",
"datePublished": "2024-05-14T16:19:08.151Z",
"dateReserved": "2024-04-04T12:52:41.585Z",
"dateUpdated": "2025-12-16T18:13:18.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-26206 (GCVE-0-2023-26206)
Vulnerability from cvelistv5 – Published: 2024-02-15 13:59 – Updated: 2024-08-02 11:39
VLAI?
Summary
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T19:50:54.521966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:53.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-063",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.2",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.8",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.10",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T13:59:23.207Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-063",
"url": "https://fortiguard.com/psirt/FG-IR-23-063"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.3 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-26206",
"datePublished": "2024-02-15T13:59:23.207Z",
"dateReserved": "2023-02-20T15:09:20.635Z",
"dateUpdated": "2024-08-02T11:39:06.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33300 (GCVE-0-2023-33300)
Vulnerability from nvd – Published: 2025-03-14 15:46 – Updated: 2025-03-14 17:24
VLAI?
Summary
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port.
Severity ?
CWE
- CWE-77 - Improper access control
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T17:20:10.717955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T17:24:11.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.3",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:46:48.352Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-096",
"url": "https://fortiguard.com/psirt/FG-IR-23-096"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-33300",
"datePublished": "2025-03-14T15:46:48.352Z",
"dateReserved": "2023-05-22T07:58:22.196Z",
"dateUpdated": "2025-03-14T17:24:11.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31488 (GCVE-0-2024-31488)
Vulnerability from nvd – Published: 2024-05-14 16:19 – Updated: 2025-12-16 18:13
VLAI?
Summary
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.3",
"status": "affected",
"version": "9.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "9.2.8",
"status": "affected",
"version": "9.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "9.1..10",
"status": "affected",
"version": "9.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortinac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:23.122383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:13:18.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-040",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-24-040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.3",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.8",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.10",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T16:19:08.151Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-040",
"url": "https://fortiguard.com/psirt/FG-IR-24-040"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.5 or above \nPlease upgrade to FortiNAC version 7.4.0 or above \nPlease upgrade to FortiNAC version 7.2.4 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-31488",
"datePublished": "2024-05-14T16:19:08.151Z",
"dateReserved": "2024-04-04T12:52:41.585Z",
"dateUpdated": "2025-12-16T18:13:18.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-26206 (GCVE-0-2023-26206)
Vulnerability from nvd – Published: 2024-02-15 13:59 – Updated: 2024-08-02 11:39
VLAI?
Summary
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T19:50:54.521966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:53.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-063",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.2",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.8",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.10",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T13:59:23.207Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-063",
"url": "https://fortiguard.com/psirt/FG-IR-23-063"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.4 or above \nPlease upgrade to FortiNAC version 7.2.3 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-26206",
"datePublished": "2024-02-15T13:59:23.207Z",
"dateReserved": "2023-02-20T15:09:20.635Z",
"dateUpdated": "2024-08-02T11:39:06.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2024-AVI-0404
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance, une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | N/A | FortiAuthenticator 6.5.x versions antérieures à 6.5.4 | ||
| Fortinet | N/A | FortiVoice 7.0.x versions antérieures à 7.0.2 | ||
| Fortinet | N/A | FortiWebManager 7.0.x versions antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiWebManager 7.2.x versions antérieures à 7.2.1 | ||
| Fortinet | N/A | FortiWebManager 6.2.x versions antérieures à 6.2.5 | ||
| Fortinet | N/A | FortiAuthenticator 6.6.x versions antérieures à 6.6.1 | ||
| Fortinet | N/A | FortiWebManager 6.3.x versions antérieures à 6.3.1 | ||
| Fortinet | N/A | FortiWebManager 6.0.x toutes versions | ||
| Fortinet | N/A | FortiVoice 6.4.x versions antérieures à 6.4.9 | ||
| Fortinet | N/A | FortiAuthenticator 6.4.x toutes versions | ||
| Fortinet | N/A | FortiVoice 6.0.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 7.0.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 6.2.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 7.4.x versions antérieures à 7.4.2 | ||
| Fortinet | FortiADC | FortiADC 7.2.x versions antérieures à 7.2.4 | ||
| Fortinet | FortiADC | FortiADC 7.1.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 4.2.x versions antérieures à 4.2.7 | ||
| Fortinet | FortiSandbox | FortiSandbox 4.4.x versions antérieures à 4.4.5 | ||
| Fortinet | FortiPAM | FortiPAM 1.0.x toutes versions | ||
| Fortinet | FortiPAM | FortiPAM 1.1.x versions antérieures à 1.1.1 | ||
| Fortinet | FortiWeb | FortiWeb 7.2.x versions antérieures à 7.2.8 | ||
| Fortinet | FortiWeb | FortiWeb 6.4.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 7.4.x versions antérieures à 7.4.3 | ||
| Fortinet | FortiWeb | FortiWeb 7.0.x versions antérieures à 7.0.9 | ||
| Fortinet | FortiWeb | FortiWeb 7.0.x toutes versions pour la vulnérabilité CVE-2024-23665 | ||
| Fortinet | FortiWeb | FortiWeb 6.3.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 6.0.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 7.2.x versions antérieures à 7.2.8 | ||
| Fortinet | FortiOS | FortiOS 6.4.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 6.2.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 7.4.x versions antérieures à 7.4.2 | ||
| Fortinet | FortiOS | FortiOS 7.0.x versions antérieures à 7.0.13 | ||
| Fortinet | FortiOS | FortiOS 7.0 toutes versions pour les vulnérabilités CVE-2023-36640 et CVE-2023-45583 | ||
| Fortinet | FortiProxy | FortiProxy 1.1.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 7.0.x versions antérieures à 7.0.14 | ||
| Fortinet | FortiProxy | FortiProxy 7.2.x versions antérieures à 7.2.8 | ||
| Fortinet | FortiProxy | FortiProxy 1.0.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.2.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 2.0.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 7.4.x versions antérieures à 7.4.2 | ||
| Fortinet | FortiPortal | FortiPortal 7.0.x versions antérieures à 7.0.7 | ||
| Fortinet | FortiPortal | FortiPortal 6.0.x versions antérieures à 6.0.15 | ||
| Fortinet | FortiPortal | FortiPortal 7.2.x versions antérieures à 7.2.2 | ||
| Fortinet | FortiSOAR | FortiSOAR 7.2.x toutes versions | ||
| Fortinet | FortiSOAR | FortiSOAR 7.0.x toutes versions | ||
| Fortinet | FortiSOAR | FortiSOAR 7.3.x versions antérieures à 7.3.1 | ||
| Fortinet | FortiSOAR | FortiSOAR cyops Connector versions antérieures à 2.1.0 | ||
| Fortinet | FortiNAC | FortiNAC 8.8.x toutes versions | ||
| Fortinet | FortiNAC | FortiNAC 9.1.x toutes versions | ||
| Fortinet | FortiNAC | FortiNAC 9.4.x versions antérieures à 9.4.5 | ||
| Fortinet | FortiNAC | FortiNAC 8.7.x toutes versions | ||
| Fortinet | FortiNAC | FortiNAC 7.2.x versions antérieures à 7.2.4 | ||
| Fortinet | FortiNAC | FortiNAC 9.2.x toutes versions | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager 7.0.x versions antérieures à 7.0.3 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager 7.2.x versions antérieures à 7.2.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiAuthenticator 6.5.x versions ant\u00e9rieures \u00e0 6.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice 7.0.x versions ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 7.0.x versions ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 7.2.x versions ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 6.2.x versions ant\u00e9rieures \u00e0 6.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator 6.6.x versions ant\u00e9rieures \u00e0 6.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 6.3.x versions ant\u00e9rieures \u00e0 6.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 6.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice 6.4.x versions ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator 6.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice 6.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.2.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.2.x versions ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.4.x versions ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.0.x toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.1.x versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.4.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.4.x versions ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.0.x versions ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.0.x toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-23665",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.3.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.4.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.2.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.0.x versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.0 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2023-36640 et CVE-2023-45583",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.1.x toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.0.x versions ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.0.x toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.2.x toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 2.0.x toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal 7.0.x versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal 6.0.x versions ant\u00e9rieures \u00e0 6.0.15",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal 7.2.x versions ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR 7.2.x toutes versions",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR 7.0.x toutes versions",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR 7.3.x versions ant\u00e9rieures \u00e0 7.3.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR cyops Connector versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 8.8.x toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 9.1.x toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 9.4.x versions ant\u00e9rieures \u00e0 9.4.5",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 8.7.x toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 9.2.x toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager 7.0.x versions ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager 7.2.x versions ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26007"
},
{
"name": "CVE-2024-27316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27316"
},
{
"name": "CVE-2023-40720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40720"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-48789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48789"
},
{
"name": "CVE-2024-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21760"
},
{
"name": "CVE-2023-44247",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44247"
},
{
"name": "CVE-2024-31493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31493"
},
{
"name": "CVE-2024-23664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23664"
},
{
"name": "CVE-2023-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50180"
},
{
"name": "CVE-2024-23670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23670"
},
{
"name": "CVE-2024-3302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3302"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2023-45583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45583"
},
{
"name": "CVE-2024-31488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31488"
},
{
"name": "CVE-2023-46714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46714"
},
{
"name": "CVE-2024-23667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23667"
},
{
"name": "CVE-2024-23107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23107"
},
{
"name": "CVE-2024-23105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23105"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2023-45586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45586"
},
{
"name": "CVE-2024-23668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23668"
},
{
"name": "CVE-2023-36640",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36640"
},
{
"name": "CVE-2024-31491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31491"
},
{
"name": "CVE-2024-23665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23665"
},
{
"name": "CVE-2024-30255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30255"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2024-23669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23669"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0404",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-225 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-225"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-040 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-040"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-282 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-282"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-406 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-406"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-137 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-137"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-222 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-052 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-052"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-474 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-474"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-195 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-195"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-433 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-433"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-021 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-021"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-420 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-420"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-054 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-054"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-465 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-465"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-415 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-415"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-191 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-191"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-017 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-017"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-120 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-120"
}
]
}
CERTFR-2024-AVI-0287
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | N/A | FortiClientMac 7.0 versions antérieures à 7.0.11 | ||
| Fortinet | N/A | FortiClientLinux 7.0 versions antérieures à 7.0.11 | ||
| Fortinet | FortiSandbox | FortiSandbox 2.1 toutes versions | ||
| Fortinet | FortiManager | FortiManager 7.2 versions antérieures à 7.2.5 | ||
| Fortinet | FortiSandbox | FortiSandbox 3.1 toutes versions | ||
| Fortinet | FortiManager | FortiManager 7.0 versions antérieures à 7.0.11 | ||
| Fortinet | FortiProxy | FortiProxy 7.2 versions antérieures à 7.2.8 | ||
| Fortinet | FortiSandbox | FortiSandbox 2.2 toutes versions | ||
| Fortinet | FortiOS | FortiOS 7.2 versions antérieures à 7.2.8 | ||
| Fortinet | FortiProxy | FortiProxy 7.4 versions antérieures à 7.4.2 | ||
| Fortinet | FortiSandbox | FortiSandbox 2.4 toutes versions | ||
| Fortinet | FortiOS | FortiOS 6.4 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.1 toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 3.2 toutes versions | ||
| Fortinet | N/A | FortiClientLinux 7.2 versions antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS 7.4 versions antérieures à 7.4.2 | ||
| Fortinet | FortiSandbox | FortiSandbox 2.3 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.2 toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 4.4 versions antérieures à 4.4.5 | ||
| Fortinet | FortiProxy | FortiProxy 2.0 toutes versions | ||
| Fortinet | N/A | FortiClientMac 7.2 versions antérieures à 7.2.4 | ||
| Fortinet | FortiOS | FortiOS 6.2 versions antérieures à 6.2.16 | ||
| Fortinet | FortiSandbox | FortiSandbox 2.5 toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 4.0 toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 2.0 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.0 toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 4.2 versions antérieures à 4.2.7 | ||
| Fortinet | FortiProxy | FortiProxy 7.0 versions antérieures à 7.0.14 | ||
| Fortinet | FortiOS | FortiOS 6.0 toutes versions | ||
| Fortinet | FortiManager | FortiManager 7.4 versions antérieures à 7.4.2 | ||
| Fortinet | FortiNAC | FortiNAC-F 7.2 versions antérieures à 7.2.5 | ||
| Fortinet | FortiSandbox | FortiSandbox 3.0 toutes versions | ||
| Fortinet | FortiOS | FortiOS 7.0 toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac 7.0 versions ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux 7.0 versions ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 2.1 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager 7.2 versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.1 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager 7.0 versions ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.2 versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 2.2 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.2 versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.4 versions ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 2.4 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.4 toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.1 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.2 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux 7.2 versions ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.4 versions ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 2.3 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.2 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.4 versions ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 2.0 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac 7.2 versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.2 versions ant\u00e9rieures \u00e0 6.2.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 2.5 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.0 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 2.0 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.0 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.2 versions ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.0 versions ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.0 toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager 7.4 versions ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC-F 7.2 versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.0 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.0 toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21756"
},
{
"name": "CVE-2023-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47540"
},
{
"name": "CVE-2023-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45590"
},
{
"name": "CVE-2023-48785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48785"
},
{
"name": "CVE-2023-48784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48784"
},
{
"name": "CVE-2023-47542",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47542"
},
{
"name": "CVE-2024-31492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31492"
},
{
"name": "CVE-2024-23671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23671"
},
{
"name": "CVE-2023-47541",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47541"
},
{
"name": "CVE-2024-26014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26014"
},
{
"name": "CVE-2024-23662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23662"
},
{
"name": "CVE-2024-31487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31487"
},
{
"name": "CVE-2023-45588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45588"
},
{
"name": "CVE-2023-41677",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41677"
},
{
"name": "CVE-2024-21755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21755"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0287",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire,\u00a0une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-060 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-060"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-009 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-009"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-419 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-419"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-454 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-454"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-224 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-224"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-345 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-345"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-416 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-416"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-411 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-411"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-288 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-288"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-413 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-413"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-087 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-087"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-489 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-489"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-493 du 09 avril 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-493"
}
]
}
CERTFR-2024-AVI-0108
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiNAC | FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 et 9.2 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.1 toutes versions | ||
| Fortinet | FortiNAC | FortiNAC versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.14 (Cette version reste affectée par la vulnérabilité CVE-2023-47537) | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiPAM | FortiPAM 1.0 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.2 toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.16 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiPAM | FortiPAM 1.2 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.0 toutes versions | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiOS | FortiOS 6.0 toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiClientEMS | FortiClientEMS 6.2 et 6.4 toutes versions | ||
| Fortinet | FortiNAC | FortiNAC versions 9.4.x antérieures à 9.4.4 | ||
| Fortinet | FortiProxy | FortiProxy 7.0 toutes versions | ||
| Fortinet | FortiPAM | FortiPAM 1.1 toutes versions | ||
| Fortinet | FortiManager | FortiManager 6.2, 6.4 et 7.0 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData 6.2, 6.4 et 7.0 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.14 | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer 6.2, 6.4 et 7.0 toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 et 9.2 toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.1 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.14 (Cette version reste affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2023-47537)",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.0 toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.2 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.2 toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.0 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.0 toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS 6.2 et 6.4 toutes versions",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.4",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.0 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.1 toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager 6.2, 6.4 et 7.0 toutes versions",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData 6.2, 6.4 et 7.0 toutes versions",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.14",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer 6.2, 6.4 et 7.0 toutes versions",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45581"
},
{
"name": "CVE-2023-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
},
{
"name": "CVE-2024-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
},
{
"name": "CVE-2023-26206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26206"
},
{
"name": "CVE-2023-44253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44253"
},
{
"name": "CVE-2024-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0108",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-09T00:00:00.000000"
},
{
"description": "Ajout des syst\u00e8mes affect\u00e9s",
"revision_date": "2024-02-15T00:00:00.000000"
},
{
"description": "Ajout des syst\u00e8mes affect\u00e9s",
"revision_date": "2024-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-268 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-268"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-301 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-301"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-063 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-063"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-357 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-357"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-397 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-397"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-029 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-029"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-015 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-015"
}
]
}
VAR-202302-1271
Vulnerability from variot - Updated: 2023-12-18 13:59A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. fortinet's FortiNAC Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.9"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.8"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0 that\u0027s all 9.4.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7 to 8.8.9"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 that\u0027s all 9.1.8"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 that\u0027s all 9.2.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.1",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.6",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.8",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.9",
"versionStartIncluding": "8.3.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"cve": "CVE-2022-39952",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-39952",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-39952",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-39952",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1434",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. fortinet\u0027s FortiNAC Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "VULMON",
"id": "CVE-2022-39952"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39952",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-435749",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-39952",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
]
},
"id": "VAR-202302-1271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-435749"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:59:17.782000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-300",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-300"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226804"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/florian-r0th/cve-2022-39952 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-610",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-300"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39952"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39952/"
},
{
"trust": 0.1,
"url": "https://github.com/florian-r0th/cve-2022-39952"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-435749"
},
{
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-435749"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"date": "2023-02-16T19:15:13.060000",
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-435749"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39952"
},
{
"date": "2023-10-30T06:18:00",
"db": "JVNDB",
"id": "JVNDB-2023-004446"
},
{
"date": "2023-11-07T03:50:41.250000",
"db": "NVD",
"id": "CVE-2022-39952"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability in leaking resources to the wrong area in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004446"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1434"
}
],
"trust": 0.6
}
}
VAR-202302-1299
Vulnerability from variot - Updated: 2023-12-18 13:54A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. fortinet's FortiNAC Exists in a vulnerability in inserting or modifying arguments.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from improper neutralization of parameters. The following versions are affected: 9.4.0, 9.2.0 to 9.2.5, 9.1.0 to 9.1.7, 8.8.0 to 8.8.11, 8.7.0 to 8.7.6, Version 8.6.0 to version 8.6.5, version 8.5.0 to version 8.5.4, version 8.3.7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1299",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 to 8.6.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 to 9.2.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.0 to 8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 to 9.1.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.0 to 8.8.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.5",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.7",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"cve": "CVE-2022-40677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40677",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40677",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-40677",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1432",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. fortinet\u0027s FortiNAC Exists in a vulnerability in inserting or modifying arguments.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from improper neutralization of parameters. The following versions are affected: 9.4.0, 9.2.0 to 9.2.5, 9.1.0 to 9.1.7, 8.8.0 to 8.8.11, 8.7.0 to 8.7.6, Version 8.6.0 to version 8.6.5, version 8.5.0 to version 8.5.4, version 8.3.7",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
},
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "VULMON",
"id": "CVE-2022-40677"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40677",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-436490",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-40677",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
]
},
"id": "VAR-202302-1299",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-436490"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:54:58.202000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-280",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-22-280"
},
{
"title": "Fortinet FortiNAC Repair measures for parameter injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226974"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-88",
"trust": 1.1
},
{
"problemtype": "Insert or change arguments (CWE-88) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-280"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40677"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40677/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-436490"
},
{
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-436490"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"date": "2023-02-16T19:15:13.250000",
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-436490"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40677"
},
{
"date": "2023-10-30T01:06:00",
"db": "JVNDB",
"id": "JVNDB-2022-019899"
},
{
"date": "2023-11-07T03:52:34.873000",
"db": "NVD",
"id": "CVE-2022-40677"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability in inserting or changing arguments in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019899"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "parameter injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1432"
}
],
"trust": 0.6
}
}
VAR-202112-0384
Vulnerability from variot - Updated: 2023-12-18 13:51A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. FortiNAC Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC 8.8.8 and earlier versions and 9.1.2 and earlier versions have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.8"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.3"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.5"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.2 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.8 and earlier"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"cve": "CVE-2021-41021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-41021",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-402293",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-41021",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-41021",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-41021",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-696",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-402293",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. FortiNAC Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC 8.8.8 and earlier versions and 9.1.2 and earlier versions have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
},
{
"db": "VULHUB",
"id": "VHN-402293"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41021",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-19076",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-402293",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
]
},
"id": "VAR-202112-0384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:51:21.250000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-21-182",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-21-182"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174991"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-21-182"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41021"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-402293"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-402293"
},
{
"date": "2022-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"date": "2021-12-08T18:15:18.547000",
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-402293"
},
{
"date": "2022-12-05T07:57:00",
"db": "JVNDB",
"id": "JVNDB-2021-016056"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2021-41021"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016056"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-696"
}
],
"trust": 0.6
}
}
VAR-202112-0525
Vulnerability from variot - Updated: 2023-12-18 13:37A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. FortiNAC Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that could allow an authenticated attacker to access sensitive system data, thereby elevating the authority of an authenticated user to an administrator
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0525",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.4"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.10"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.3 and earlier"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.9 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.4",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.8.10",
"versionStartIncluding": "8.8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"cve": "CVE-2021-43065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-43065",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-404115",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-015921",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-43065",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-43065",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-524",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-404115",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. FortiNAC Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that could allow an authenticated attacker to access sensitive system data, thereby elevating the authority of an authenticated user to an administrator",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
},
{
"db": "VULHUB",
"id": "VHN-404115"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43065",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.4151",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021120719",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-102801",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-404115",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
]
},
"id": "VAR-202112-0525",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:37:10.964000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-21-178",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-21-178"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173979"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/orangecertcc/security-research/security/advisories/ghsa-8wx4-g5p9-348h"
},
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-21-178"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43065"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120719"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4151"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-404115"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-404115"
},
{
"date": "2022-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"date": "2021-12-09T10:15:11.847000",
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-404115"
},
{
"date": "2022-12-02T07:27:00",
"db": "JVNDB",
"id": "JVNDB-2021-015921"
},
{
"date": "2022-07-28T18:12:57.933000",
"db": "NVD",
"id": "CVE-2021-43065"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 Vulnerability in improper permission assignment for critical resources in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015921"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-524"
}
],
"trust": 0.6
}
}
VAR-202302-1489
Vulnerability from variot - Updated: 2023-12-18 13:36An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. fortinet's FortiNAC There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability, which stems from. The following versions are affected: versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0through 8.5.4, 8.3.7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1489",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 to 8.6.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 to 9.2.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.0 to 8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 to 9.1.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.0 to 8.8.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.5",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.7",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"cve": "CVE-2022-40678",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.4,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40678",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40678",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-40678",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1431",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. fortinet\u0027s FortiNAC There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability, which stems from. The following versions are affected: versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0through 8.5.4, 8.3.7",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
},
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "VULMON",
"id": "CVE-2022-40678"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40678",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-436491",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-40678",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
]
},
"id": "VAR-202302-1489",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-436491"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:36:26.512000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-265",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-22-265"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226973"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-265"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40678"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40678/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-436491"
},
{
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-436491"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"date": "2023-02-16T19:15:13.313000",
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-436491"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40678"
},
{
"date": "2023-10-30T01:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-019906"
},
{
"date": "2023-11-07T03:52:34.990000",
"db": "NVD",
"id": "CVE-2022-40678"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Vulnerability regarding insufficient protection of authentication information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1431"
}
],
"trust": 0.6
}
}
VAR-202302-1327
Vulnerability from variot - Updated: 2023-12-18 13:26Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. fortinet's FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.9"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 to 8.6.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 to 9.2.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 to 9.1.9"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.0 to 8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.0 to 8.8.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.9",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"cve": "CVE-2023-22638",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-22638",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-22638",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2023-22638",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1424",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. fortinet\u0027s FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
},
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-22638",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.1053",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-450600",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-22638",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"id": "VAR-202302-1327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:26:45.293000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-260",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-22-260"
},
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226968"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-260"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22638"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1053"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-22638/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-450600"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"date": "2023-02-16T19:15:13.977000",
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-450600"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"date": "2023-10-30T01:13:00",
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"date": "2023-11-07T04:07:11.260000",
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
],
"trust": 0.6
}
}
VAR-202009-0095
Vulnerability from variot - Updated: 2023-12-18 13:23An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. FortiNAC 8.7.2 and earlier versions have cross-site scripting vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.3"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"cve": "CVE-2020-12816",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-165532",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12816",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1378",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-165532",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortiNAC 8.7.2 and earlier versions have cross-site scripting vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12816"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
},
{
"db": "VULHUB",
"id": "VHN-165532"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12816",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3261",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-57049",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-165532",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
]
},
"id": "VAR-202009-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:09.805000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129749"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-20-002"
},
{
"trust": 1.6,
"url": "https://www.fortiguard.com/psirt/fg-ir-20-002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3261/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12816"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-165532"
},
{
"db": "NVD",
"id": "CVE-2020-12816"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-24T00:00:00",
"db": "VULHUB",
"id": "VHN-165532"
},
{
"date": "2020-09-24T15:15:13.093000",
"db": "NVD",
"id": "CVE-2020-12816"
},
{
"date": "2020-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-165532"
},
{
"date": "2020-09-30T22:51:49.997000",
"db": "NVD",
"id": "CVE-2020-12816"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC Cross-site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1378"
}
],
"trust": 0.6
}
}
VAR-202302-1269
Vulnerability from variot - Updated: 2023-12-18 13:11An improper authorization vulnerability [CWE-285]Â in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. fortinet's FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac-f",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-f 7.2.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 that\u0027s all 9.2.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0 that\u0027s all 9.4.2"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "7.2.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.7",
"versionStartIncluding": "9.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"cve": "CVE-2022-38375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38375",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-38375",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-38375",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1440",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper authorization vulnerability [CWE-285]\u00a0 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. fortinet\u0027s FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "VULMON",
"id": "CVE-2022-38375"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38375",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-434169",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-38375",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
]
},
"id": "VAR-202302-1269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-434169"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:11:35.462000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-329",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-329"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226809"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-329"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38375"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38375/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-434169"
},
{
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-434169"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"date": "2023-02-16T19:15:12.797000",
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-434169"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38375"
},
{
"date": "2023-10-30T07:28:00",
"db": "JVNDB",
"id": "JVNDB-2023-004465"
},
{
"date": "2023-11-07T03:50:06.460000",
"db": "NVD",
"id": "CVE-2022-38375"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 and \u00a0FortiNAC-F\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004465"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1440"
}
],
"trust": 0.6
}
}
VAR-202302-1353
Vulnerability from variot - Updated: 2023-12-18 13:06An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. fortinet's FortiNAC and FortiNAC-F for, XML There is a vulnerability in an external entity.Information is obtained and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac-f",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac-f",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "8.3.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"cve": "CVE-2022-39954",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-39954",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-39954",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-39954",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1435",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. fortinet\u0027s FortiNAC and FortiNAC-F for, XML There is a vulnerability in an external entity.Information is obtained and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "VULMON",
"id": "CVE-2022-39954"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39954",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.1054",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-435751",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-39954",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
]
},
"id": "VAR-202302-1353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-435751"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:06:13.179000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-304",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-22-304"
},
{
"title": "Fortinet FortiNAC Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226975"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.1
},
{
"problemtype": "XML Improper restriction of external entity references (CWE-611) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-304"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39954"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39954/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-435751"
},
{
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-435751"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"date": "2023-02-16T19:15:13.120000",
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-435751"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39954"
},
{
"date": "2023-10-30T01:08:00",
"db": "JVNDB",
"id": "JVNDB-2022-019900"
},
{
"date": "2023-11-07T03:50:41.493000",
"db": "NVD",
"id": "CVE-2022-39954"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 and \u00a0FortiNAC-F\u00a0 In \u00a0XML\u00a0 External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019900"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1435"
}
],
"trust": 0.6
}
}
VAR-202302-1417
Vulnerability from variot - Updated: 2023-12-18 12:41Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. fortinet's FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 that\u0027s all 9.4.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"cve": "CVE-2022-38376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-38376",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-38376",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-38376",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1439",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to\u00a0perform an XSS attack via crafted HTTP requests. fortinet\u0027s FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "VULMON",
"id": "CVE-2022-38376"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38376",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-434170",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-38376",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
]
},
"id": "VAR-202302-1417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-434170"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:41:21.855000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-273",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-273"
},
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226808"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-273"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38376"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38376/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-434170"
},
{
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-434170"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"date": "2023-02-16T19:15:12.860000",
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-434170"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38376"
},
{
"date": "2023-10-30T07:28:00",
"db": "JVNDB",
"id": "JVNDB-2023-004466"
},
{
"date": "2023-11-07T03:50:06.630000",
"db": "NVD",
"id": "CVE-2022-38376"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004466"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1439"
}
],
"trust": 0.6
}
}
VAR-202205-0408
Vulnerability from variot - Updated: 2023-12-18 12:26Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. FortiNAC for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC versions 8.3.7 to 9.2.2 have a SQL injection vulnerability that stems from insufficient sanitization of user-supplied data. The vulnerability could be exploited by a remote user to send a specially crafted request to an affected application to execute arbitrary SQL commands in the application database. SQL commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0408",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.2"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.2",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.3.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.2",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.5",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"cve": "CVE-2022-26116",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-26116",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-416877",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26116",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26116",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-26116",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2037",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-416877",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-26116",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple improper neutralization of special elements used in SQL commands (\u0027SQL Injection\u0027) vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. FortiNAC for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC versions 8.3.7 to 9.2.2 have a SQL injection vulnerability that stems from insufficient sanitization of user-supplied data. The vulnerability could be exploited by a remote user to send a specially crafted request to an affected application to execute arbitrary SQL commands in the application database. SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
},
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26116",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022050319",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-50944",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-416877",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26116",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
]
},
"id": "VAR-202205-0408",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:26:13.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-062",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-22-062"
},
{
"title": "Fortinet FortiNAC SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=193411"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-062"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26116"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050319"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26116/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-416877"
},
{
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-416877"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"date": "2022-05-11T08:15:06.687000",
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"date": "2022-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-416877"
},
{
"date": "2022-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26116"
},
{
"date": "2023-08-22T06:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-011444"
},
{
"date": "2022-05-18T19:37:23.813000",
"db": "NVD",
"id": "CVE-2022-26116"
},
{
"date": "2022-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2037"
}
],
"trust": 0.6
}
}
VAR-201908-0099
Vulnerability from variot - Updated: 2023-12-18 12:17An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. The admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "eq",
"trust": 2.4,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "8.3.0 to 8.3.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 0.6,
"vendor": "fortinet",
"version": "8.3.0,\u003c=8.3.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.3"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3"
},
{
"model": "fortinac",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.5.1"
},
{
"model": "fortinac",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "8.3.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.3.6",
"versionStartIncluding": "8.3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Johnatan Camargo from PBI | Dynamic IT Security.",
"sources": [
{
"db": "BID",
"id": "109302"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
],
"trust": 0.9
},
"cve": "CVE-2019-5594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5594",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-22380",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-157029",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-5594",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5594",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-22380",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-985",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157029",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nThe admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nFortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "VULHUB",
"id": "VHN-157029"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5594",
"trust": 3.4
},
{
"db": "BID",
"id": "109302",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-22380",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2651",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-157029",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
]
},
"id": "VAR-201908-0099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
}
]
},
"last_update_date": "2023-12-18T12:17:49.087000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-19-140",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-19-140"
},
{
"title": "Patch for Fortinet FortiNAC cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/213611"
},
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5594"
},
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-19-140"
},
{
"trust": 0.9,
"url": "http://www.fortinet.com/"
},
{
"trust": 0.9,
"url": "https://fortiguard.com/psirt/fg-ir-19-140"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5594"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2651/"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/109302"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "VULHUB",
"id": "VHN-157029"
},
{
"db": "BID",
"id": "109302"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"db": "NVD",
"id": "CVE-2019-5594"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"date": "2019-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-157029"
},
{
"date": "2019-07-16T00:00:00",
"db": "BID",
"id": "109302"
},
{
"date": "2019-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"date": "2019-08-23T21:15:12.130000",
"db": "NVD",
"id": "CVE-2019-5594"
},
{
"date": "2019-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"date": "2019-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-157029"
},
{
"date": "2019-07-16T00:00:00",
"db": "BID",
"id": "109302"
},
{
"date": "2019-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008217"
},
{
"date": "2019-08-26T14:12:55.073000",
"db": "NVD",
"id": "CVE-2019-5594"
},
{
"date": "2019-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiNAC cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22380"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-985"
}
],
"trust": 0.6
}
}
VAR-202207-0114
Vulnerability from variot - Updated: 2023-12-18 12:15An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirement vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from the fact that the root account accessing the MySQL database does not have a password set by default and allows connections from localhost. An attacker exploited this vulnerability to connect to a MySQL database as root. There is a security vulnerability in Fortinet FortiNAC
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.6"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.4"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.2"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.11 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.5 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.6 and earlier"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.3 and earlier"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.2 and earlier"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.5 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.2",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.6",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.4",
"versionStartIncluding": "9.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"cve": "CVE-2022-26117",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-015258",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26117",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-26117",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-015258",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-383",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirement vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from the fact that the root account accessing the MySQL database does not have a password set by default and allows connections from localhost. An attacker exploited this vulnerability to connect to a MySQL database as root. There is a security vulnerability in Fortinet FortiNAC",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
},
{
"db": "VULHUB",
"id": "VHN-416878"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26117",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3268",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070529",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-416878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416878"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
]
},
"id": "VAR-202207-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-416878"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:15:31.842000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-058",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-22-058"
},
{
"title": "Fortinet FortiNAC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=201341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.1
},
{
"problemtype": "Weak password request (CWE-521) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416878"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-22-058"
},
{
"trust": 1.7,
"url": "https://github.com/orangecertcc/security-research/security/advisories/ghsa-r259-5p5p-2q47"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26117"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26117/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070529"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3268"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-416878"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-416878"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-416878"
},
{
"date": "2023-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"date": "2022-07-18T18:15:09.017000",
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"date": "2022-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-416878"
},
{
"date": "2023-09-26T05:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-015258"
},
{
"date": "2023-02-16T19:28:48.090000",
"db": "NVD",
"id": "CVE-2022-26117"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 Vulnerability in requesting weak passwords in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015258"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-383"
}
],
"trust": 0.6
}
}
VAR-202302-1445
Vulnerability from variot - Updated: 2023-12-18 11:55Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. fortinet's FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1445",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac-f",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.2"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac-f",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "7.2.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-f 7.2.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7 to 9.2.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0 that\u0027s all 9.4.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "8.3.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"cve": "CVE-2022-40675",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40675",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40675",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-40675",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1433",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. fortinet\u0027s FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "VULMON",
"id": "CVE-2022-40675"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40675",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-436488",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-40675",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
]
},
"id": "VAR-202302-1445",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-436488"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:55:00.063000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-312",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-312"
},
{
"title": "Fortinet FortiNAC Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226803"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-327",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-312"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40675"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40675/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-436488"
},
{
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-436488"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"date": "2023-02-16T19:15:13.187000",
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-436488"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40675"
},
{
"date": "2023-10-30T05:48:00",
"db": "JVNDB",
"id": "JVNDB-2023-004412"
},
{
"date": "2023-11-07T03:52:34.577000",
"db": "NVD",
"id": "CVE-2022-40675"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 and \u00a0FortiNAC-F\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1433"
}
],
"trust": 0.6
}
}
VAR-202105-0663
Vulnerability from variot - Updated: 2023-12-18 11:07A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. FortiNAC Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. FortiNAC has vulnerabilities in permissions and access control issues. The vulnerabilities stem from the incorrect application of security restrictions. This vulnerability allows remote users to elevate privileges on the system. The following products and versions are affected: FortiNAC: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.5.0, 8.5.1, 8.5 .2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.7.0, 8.7.1, 8.7.2, 8.7.4 , 8.7.5, 8.7.6, 8.8.0, 8.8.1. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0663",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.2"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.8.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"cve": "CVE-2021-24011",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-24011",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-382729",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-24011",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-24011",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-24011",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-180",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-382729",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-24011",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. FortiNAC Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortiNAC has vulnerabilities in permissions and access control issues. The vulnerabilities stem from the incorrect application of security restrictions. This vulnerability allows remote users to elevate privileges on the system. The following products and versions are affected: FortiNAC: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.5.0, 8.5.1, 8.5 .2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.7.0, 8.7.1, 8.7.2, 8.7.4 , 8.7.5, 8.7.6, 8.8.0, 8.8.1. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-24011",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.1510",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050506",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-382729",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-24011",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202105-0663",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-382729"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:07:55.835000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-20-038",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-20-038"
},
{
"title": "Fortinet FortiNAC Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151200"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/advisory/fg-ir-20-038"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-24011"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1510"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050506"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-382729"
},
{
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-382729"
},
{
"date": "2021-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"date": "2022-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"date": "2021-05-10T12:15:07.640000",
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"date": "2021-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-382729"
},
{
"date": "2021-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-24011"
},
{
"date": "2022-01-20T07:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-006797"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2021-24011"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-180"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNAC\u00a0 Vulnerability in privilege management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006797"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-180"
}
],
"trust": 0.6
}
}