Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-22638 (GCVE-0-2023-22638)
Vulnerability from cvelistv5 – Published: 2023-02-16 18:07 – Updated: 2024-10-23 14:32
VLAI?
EPSS
Summary
Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiNAC |
Affected:
9.4.0 , ≤ 9.4.1
(semver)
Affected: 9.2.0 , ≤ 9.2.7 (semver) Affected: 9.1.0 , ≤ 9.1.8 (semver) Affected: 8.8.0 , ≤ 8.8.11 (semver) Affected: 8.7.0 , ≤ 8.7.6 (semver) Affected: 8.6.0 , ≤ 8.6.5 (semver) Affected: 8.5.0 , ≤ 8.5.4 (semver) Affected: 8.3.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-260",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:11:35.344234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:32:18.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:07:06.780Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-260",
"url": "https://fortiguard.com/psirt/FG-IR-22-260"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.0 or above,\r\nPlease upgrade to FortiNAC version 9.4.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-22638",
"datePublished": "2023-02-16T18:07:06.780Z",
"dateReserved": "2023-01-05T10:06:31.522Z",
"dateUpdated": "2024-10-23T14:32:18.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.0\", \"versionEndIncluding\": \"8.5.4\", \"matchCriteriaId\": \"8292B841-851C-42C2-AF13-17AB2FA894CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.6.0\", \"versionEndIncluding\": \"8.6.5\", \"matchCriteriaId\": \"95E75B88-1750-4FB6-BCE4-74B69D93C918\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.7.0\", \"versionEndIncluding\": \"8.7.6\", \"matchCriteriaId\": \"3BD32B25-76B4-4D6E-BB5C-065070297058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.8.0\", \"versionEndIncluding\": \"8.8.11\", \"matchCriteriaId\": \"46929BE3-0396-4B8A-9889-9F6CA73FAD4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.1.0\", \"versionEndIncluding\": \"9.1.9\", \"matchCriteriaId\": \"D101F116-0C73-401E-9882-8BA2F403FA4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.2.0\", \"versionEndIncluding\": \"9.2.7\", \"matchCriteriaId\": \"B341AE7E-48F1-4ABE-891F-F9D543D19E29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"952F266E-0E48-4D69-81E0-9F813B60AC3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E12E11B0-E21A-4124-9DF9-FF268BB19813\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4648F862-AB8C-4B8D-8F2D-5D2641F08845\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.\"}]",
"id": "CVE-2023-22638",
"lastModified": "2024-11-21T07:45:06.270",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
"published": "2023-02-16T19:15:13.977",
"references": "[{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-260\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-22-260\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-22638\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2023-02-16T19:15:13.977\",\"lastModified\":\"2024-11-21T07:45:06.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.4\",\"matchCriteriaId\":\"8292B841-851C-42C2-AF13-17AB2FA894CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.6.0\",\"versionEndIncluding\":\"8.6.5\",\"matchCriteriaId\":\"95E75B88-1750-4FB6-BCE4-74B69D93C918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0\",\"versionEndIncluding\":\"8.7.6\",\"matchCriteriaId\":\"3BD32B25-76B4-4D6E-BB5C-065070297058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.8.0\",\"versionEndIncluding\":\"8.8.11\",\"matchCriteriaId\":\"46929BE3-0396-4B8A-9889-9F6CA73FAD4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0\",\"versionEndIncluding\":\"9.1.9\",\"matchCriteriaId\":\"D101F116-0C73-401E-9882-8BA2F403FA4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.2.0\",\"versionEndIncluding\":\"9.2.7\",\"matchCriteriaId\":\"B341AE7E-48F1-4ABE-891F-F9D543D19E29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"952F266E-0E48-4D69-81E0-9F813B60AC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E12E11B0-E21A-4124-9DF9-FF268BB19813\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4648F862-AB8C-4B8D-8F2D-5D2641F08845\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-260\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-260\", \"name\": \"https://fortiguard.com/psirt/FG-IR-22-260\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:13:49.511Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-22638\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T14:11:35.344234Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T14:15:14.662Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"FortiNAC\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.4.1\"}, {\"status\": \"affected\", \"version\": \"9.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.2.7\"}, {\"status\": \"affected\", \"version\": \"9.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.1.8\"}, {\"status\": \"affected\", \"version\": \"8.8.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.8.11\"}, {\"status\": \"affected\", \"version\": \"8.7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.7.6\"}, {\"status\": \"affected\", \"version\": \"8.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.6.5\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.4\"}, {\"status\": \"affected\", \"version\": \"8.3.7\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiNAC-F version 7.2.0 or above,\\r\\nPlease upgrade to FortiNAC version 9.4.2 or above\"}], \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-260\", \"name\": \"https://fortiguard.com/psirt/FG-IR-22-260\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2023-02-16T18:07:06.780Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-22638\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-23T14:32:18.357Z\", \"dateReserved\": \"2023-01-05T10:06:31.522Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2023-02-16T18:07:06.780Z\", \"assignerShortName\": \"fortinet\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0146
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiWeb | FortiWeb versions 5.x à 7.x antérieures à 7.0.5 | ||
| Fortinet | FortiGate | FortiGate versions antérieures à 6.4.2 | ||
| Fortinet | FortiNAC | FortiNAC-F versions antérieures à 7.2.0 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 6.0.x à 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiADC | FortiADC versions 5.x à 6.2.x antérieures à 6.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiAuthenticator versions 6.1.x antérieures à 6.1.1 | ||
| Fortinet | N/A | FortiExtender versions 3.3.x antérieures à 3.3.3 | ||
| Fortinet | N/A | FortiExtender versions 5.3.x antérieures à 7.0.4 | ||
| Fortinet | FortiNAC | FortiNAC versions 8.x à 9.4.x antérieures à 9.4.2 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.2.x à 4.x antérieures à 4.2.0 | ||
| Fortinet | FortiADC | FortiADC versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiExtender versions 3.x antérieures à 3.2.4 | ||
| Fortinet | N/A | FortiExtender versions 4.2.x antérieures à 4.2.5 (version à venir) | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiWAN | FortiWAN versions 4.x antérieures à 4.5.10 | ||
| Fortinet | N/A | FortiExtender versions 4.1.x antérieures à 4.1.9 (version à venir) | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.x antérieures à 6.4.11 | ||
| Fortinet | FortiADC | FortiADC 5.1 all versions | ||
| Fortinet | FortiADC | FortiADC 5.0 all versions | ||
| Fortinet | N/A | FortiExtender versions 4.0.x antérieures à 4.0.3 (version à venir) | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.x antérieures à 6.4.9 | ||
| Fortinet | FortiProxy | FortiProxy versions 1.x à 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | N/A | FortiAuthenticator versions 5.x à 6.0.x antérieures à 6.0.5 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiWeb versions 5.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC-F versions ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.0.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 5.x \u00e0 6.2.x ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 3.3.x ant\u00e9rieures \u00e0 3.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 5.3.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 8.x \u00e0 9.4.x ant\u00e9rieures \u00e0 9.4.2",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.2.x \u00e0 4.x ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 3.x ant\u00e9rieures \u00e0 3.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.2.x ant\u00e9rieures \u00e0 4.2.5 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWAN versions 4.x ant\u00e9rieures \u00e0 4.5.10",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.1.x ant\u00e9rieures \u00e0 4.1.9 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 5.1 all versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 5.0 all versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.0.x ant\u00e9rieures \u00e0 4.0.3 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 1.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 5.x \u00e0 6.0.x ant\u00e9rieures \u00e0 6.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30304"
},
{
"name": "CVE-2021-42756",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42756"
},
{
"name": "CVE-2023-23780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23780"
},
{
"name": "CVE-2022-40678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40678"
},
{
"name": "CVE-2022-40677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40677"
},
{
"name": "CVE-2022-33869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33869"
},
{
"name": "CVE-2022-30303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30303"
},
{
"name": "CVE-2022-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26115"
},
{
"name": "CVE-2023-22638",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22638"
},
{
"name": "CVE-2022-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42472"
},
{
"name": "CVE-2022-39948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
},
{
"name": "CVE-2022-41335",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41335"
},
{
"name": "CVE-2022-38378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38378"
},
{
"name": "CVE-2022-30306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30306"
},
{
"name": "CVE-2023-23782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23782"
},
{
"name": "CVE-2021-43074",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43074"
},
{
"name": "CVE-2023-23778",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23778"
},
{
"name": "CVE-2023-25602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25602"
},
{
"name": "CVE-2022-22302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22302"
},
{
"name": "CVE-2022-27489",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27489"
},
{
"name": "CVE-2022-43954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43954"
},
{
"name": "CVE-2022-30299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30299"
},
{
"name": "CVE-2022-30300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30300"
},
{
"name": "CVE-2022-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38375"
},
{
"name": "CVE-2022-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29054"
},
{
"name": "CVE-2022-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33871"
},
{
"name": "CVE-2022-39952",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39952"
},
{
"name": "CVE-2023-22636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22636"
},
{
"name": "CVE-2022-40683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40683"
},
{
"name": "CVE-2023-23777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23777"
},
{
"name": "CVE-2023-23779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23779"
},
{
"name": "CVE-2023-23784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23784"
},
{
"name": "CVE-2022-38376",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38376"
},
{
"name": "CVE-2021-42761",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42761"
},
{
"name": "CVE-2022-39954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39954"
},
{
"name": "CVE-2022-40675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40675"
},
{
"name": "CVE-2023-23783",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23783"
},
{
"name": "CVE-2022-27482",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27482"
},
{
"name": "CVE-2023-23781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23781"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-273"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-329"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-157"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-080"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-133"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-166"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-187"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-167"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-111"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-430"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-260"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-280"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-300"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-460"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-304"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-046"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-362"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-164"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-126"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-346"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-151"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-391"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-220"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-214"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-118"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-312"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-131"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-163"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-234"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-186"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-014"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-224"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-048"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-257"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-348"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-265"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-136"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-146"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-142"
}
],
"reference": "CERTFR-2023-AVI-0146",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-166 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-460 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-046 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-280 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-273 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-251 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-312 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-014 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-362 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-300 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-214 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-391 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-164 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-430 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-146 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-131 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-157 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-265 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-234 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-118 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-348 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-187 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-220 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-260 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-167 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-151 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-346 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-111 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-080 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-133 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-304 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-329 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-142 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-163 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-048 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-186 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-257 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-126 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-136 du 16 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0146
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiWeb | FortiWeb versions 5.x à 7.x antérieures à 7.0.5 | ||
| Fortinet | FortiGate | FortiGate versions antérieures à 6.4.2 | ||
| Fortinet | FortiNAC | FortiNAC-F versions antérieures à 7.2.0 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 6.0.x à 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiADC | FortiADC versions 5.x à 6.2.x antérieures à 6.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiAuthenticator versions 6.1.x antérieures à 6.1.1 | ||
| Fortinet | N/A | FortiExtender versions 3.3.x antérieures à 3.3.3 | ||
| Fortinet | N/A | FortiExtender versions 5.3.x antérieures à 7.0.4 | ||
| Fortinet | FortiNAC | FortiNAC versions 8.x à 9.4.x antérieures à 9.4.2 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.2.x à 4.x antérieures à 4.2.0 | ||
| Fortinet | FortiADC | FortiADC versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiExtender versions 3.x antérieures à 3.2.4 | ||
| Fortinet | N/A | FortiExtender versions 4.2.x antérieures à 4.2.5 (version à venir) | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiWAN | FortiWAN versions 4.x antérieures à 4.5.10 | ||
| Fortinet | N/A | FortiExtender versions 4.1.x antérieures à 4.1.9 (version à venir) | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.x antérieures à 6.4.11 | ||
| Fortinet | FortiADC | FortiADC 5.1 all versions | ||
| Fortinet | FortiADC | FortiADC 5.0 all versions | ||
| Fortinet | N/A | FortiExtender versions 4.0.x antérieures à 4.0.3 (version à venir) | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.x antérieures à 6.4.9 | ||
| Fortinet | FortiProxy | FortiProxy versions 1.x à 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | N/A | FortiAuthenticator versions 5.x à 6.0.x antérieures à 6.0.5 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiWeb versions 5.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC-F versions ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.0.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 5.x \u00e0 6.2.x ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 3.3.x ant\u00e9rieures \u00e0 3.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 5.3.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 8.x \u00e0 9.4.x ant\u00e9rieures \u00e0 9.4.2",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.2.x \u00e0 4.x ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 3.x ant\u00e9rieures \u00e0 3.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.2.x ant\u00e9rieures \u00e0 4.2.5 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWAN versions 4.x ant\u00e9rieures \u00e0 4.5.10",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.1.x ant\u00e9rieures \u00e0 4.1.9 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 5.1 all versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 5.0 all versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.0.x ant\u00e9rieures \u00e0 4.0.3 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 1.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 5.x \u00e0 6.0.x ant\u00e9rieures \u00e0 6.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30304"
},
{
"name": "CVE-2021-42756",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42756"
},
{
"name": "CVE-2023-23780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23780"
},
{
"name": "CVE-2022-40678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40678"
},
{
"name": "CVE-2022-40677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40677"
},
{
"name": "CVE-2022-33869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33869"
},
{
"name": "CVE-2022-30303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30303"
},
{
"name": "CVE-2022-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26115"
},
{
"name": "CVE-2023-22638",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22638"
},
{
"name": "CVE-2022-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42472"
},
{
"name": "CVE-2022-39948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
},
{
"name": "CVE-2022-41335",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41335"
},
{
"name": "CVE-2022-38378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38378"
},
{
"name": "CVE-2022-30306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30306"
},
{
"name": "CVE-2023-23782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23782"
},
{
"name": "CVE-2021-43074",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43074"
},
{
"name": "CVE-2023-23778",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23778"
},
{
"name": "CVE-2023-25602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25602"
},
{
"name": "CVE-2022-22302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22302"
},
{
"name": "CVE-2022-27489",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27489"
},
{
"name": "CVE-2022-43954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43954"
},
{
"name": "CVE-2022-30299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30299"
},
{
"name": "CVE-2022-30300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30300"
},
{
"name": "CVE-2022-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38375"
},
{
"name": "CVE-2022-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29054"
},
{
"name": "CVE-2022-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33871"
},
{
"name": "CVE-2022-39952",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39952"
},
{
"name": "CVE-2023-22636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22636"
},
{
"name": "CVE-2022-40683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40683"
},
{
"name": "CVE-2023-23777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23777"
},
{
"name": "CVE-2023-23779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23779"
},
{
"name": "CVE-2023-23784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23784"
},
{
"name": "CVE-2022-38376",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38376"
},
{
"name": "CVE-2021-42761",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42761"
},
{
"name": "CVE-2022-39954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39954"
},
{
"name": "CVE-2022-40675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40675"
},
{
"name": "CVE-2023-23783",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23783"
},
{
"name": "CVE-2022-27482",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27482"
},
{
"name": "CVE-2023-23781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23781"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-273"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-329"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-157"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-080"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-133"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-166"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-187"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-167"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-111"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-430"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-260"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-280"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-300"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-460"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-304"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-046"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-362"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-164"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-126"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-346"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-151"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-391"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-220"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-214"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-118"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-312"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-131"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-163"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-234"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-186"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-014"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-224"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-048"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-257"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-348"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-265"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-136"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-146"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-142"
}
],
"reference": "CERTFR-2023-AVI-0146",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-166 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-460 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-046 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-280 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-273 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-251 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-312 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-014 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-362 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-300 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-214 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-391 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-164 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-430 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-146 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-131 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-157 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-265 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-234 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-118 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-348 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-187 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-220 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-260 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-167 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-151 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-346 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-111 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-080 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-133 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-304 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-329 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-142 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-163 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-048 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-186 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-257 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-126 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-136 du 16 f\u00e9vrier 2023",
"url": null
}
]
}
GHSA-2GG9-87CR-QR23
Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-02-27 18:32
VLAI?
Details
Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
Severity ?
5.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-22638"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T19:15:00Z",
"severity": "MODERATE"
},
"details": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.",
"id": "GHSA-2gg9-87cr-qr23",
"modified": "2023-02-27T18:32:00Z",
"published": "2023-02-16T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22638"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-22-260"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2023-22638
Vulnerability from fkie_nvd - Published: 2023-02-16 19:15 - Updated: 2024-11-21 07:45
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-260 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-260 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8292B841-851C-42C2-AF13-17AB2FA894CD",
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E75B88-1750-4FB6-BCE4-74B69D93C918",
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD32B25-76B4-4D6E-BB5C-065070297058",
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D101F116-0C73-401E-9882-8BA2F403FA4E",
"versionEndIncluding": "9.1.9",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B341AE7E-48F1-4ABE-891F-F9D543D19E29",
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "952F266E-0E48-4D69-81E0-9F813B60AC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E12E11B0-E21A-4124-9DF9-FF268BB19813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4648F862-AB8C-4B8D-8F2D-5D2641F08845",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests."
}
],
"id": "CVE-2023-22638",
"lastModified": "2024-11-21T07:45:06.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-16T19:15:13.977",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-260"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2023-22638
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-22638",
"id": "GSD-2023-22638"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-22638"
],
"details": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.",
"id": "GSD-2023-22638",
"modified": "2023-12-13T01:20:42.556096Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2023-22638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiNAC",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.4.0",
"version_value": "9.4.1"
},
{
"version_affected": "\u003c=",
"version_name": "9.2.0",
"version_value": "9.2.7"
},
{
"version_affected": "\u003c=",
"version_name": "9.1.0",
"version_value": "9.1.8"
},
{
"version_affected": "\u003c=",
"version_name": "8.8.0",
"version_value": "8.8.11"
},
{
"version_affected": "\u003c=",
"version_name": "8.7.0",
"version_value": "8.7.6"
},
{
"version_affected": "\u003c=",
"version_name": "8.6.0",
"version_value": "8.6.5"
},
{
"version_affected": "\u003c=",
"version_name": "8.5.0",
"version_value": "8.5.4"
},
{
"version_affected": "=",
"version_value": "8.3.7"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-79",
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-260",
"refsource": "MISC",
"url": "https://fortiguard.com/psirt/FG-IR-22-260"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.0 or above,\r\nPlease upgrade to FortiNAC version 9.4.2 or above"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.9",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2023-22638"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-260",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-260"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-02-27T18:17Z",
"publishedDate": "2023-02-16T19:15Z"
}
}
}
VAR-202302-1327
Vulnerability from variot - Updated: 2023-12-18 13:26Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. fortinet's FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.7"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.5"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.2.0"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.5.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "9.1.9"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.6"
},
{
"model": "fortinac",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.7.0"
},
{
"model": "fortinac",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.8.11"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.6.0 to 8.6.5"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.3.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.2.0 to 9.2.7"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.1.0 to 9.1.9"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.7.0 to 8.7.6"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.1"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.5.0 to 8.5.4"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "9.4.0"
},
{
"model": "fortinac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "8.8.0 to 8.8.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.5",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.11",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.4",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.9",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"cve": "CVE-2023-22638",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-22638",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-22638",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2023-22638",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1424",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. fortinet\u0027s FortiNAC Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
},
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-22638",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.1053",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-450600",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-22638",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"id": "VAR-202302-1327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:26:45.293000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-22-260",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-22-260"
},
{
"title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226968"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-22-260"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22638"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1053"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-22638/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-450600"
},
{
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-450600"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"date": "2023-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"date": "2023-02-16T19:15:13.977000",
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-450600"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22638"
},
{
"date": "2023-10-30T01:13:00",
"db": "JVNDB",
"id": "JVNDB-2023-004331"
},
{
"date": "2023-11-07T04:07:11.260000",
"db": "NVD",
"id": "CVE-2023-22638"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiNAC\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004331"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1424"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…