CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-31488
https://notcve.org/view.php?id=CVE-2024-31488
14 May 2024 — An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests. Una neutralización inadecuada de entradas durante la vulnerabilidad de generación de páginas web [CWE-79] en FortiNAC versión 9.4.0 a 9.4.4, 9.... • https://fortiguard.com/psirt/FG-IR-24-040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-26206
https://notcve.org/view.php?id=CVE-2023-26206
15 Feb 2024 — An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. Una neutralización inadecuada de la entrada durante la generación de la página web ('cross-site scripting') en Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 y 7.2.0 permite a un atacante para ejecutar código o comand... • https://fortiguard.com/psirt/FG-IR-23-063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-33299
https://notcve.org/view.php?id=CVE-2023-33299
23 Jun 2023 — A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed. • https://fortiguard.com/psirt/FG-IR-23-074 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22633
https://notcve.org/view.php?id=CVE-2023-22633
13 Jun 2023 — An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. • https://fortiguard.com/psirt/FG-IR-22-521 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.3EPSS: 0%CPEs: 9EXPL: 0CVE-2022-39946
https://notcve.org/view.php?id=CVE-2022-39946
13 Jun 2023 — An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all ... • https://fortiguard.com/psirt/FG-IR-22-332 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22637
https://notcve.org/view.php?id=CVE-2023-22637
03 May 2023 — An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. • https://fortiguard.com/psirt/FG-IR-23-013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26203
https://notcve.org/view.php?id=CVE-2023-26203
03 May 2023 — A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. • https://fortiguard.com/psirt/FG-IR-22-520 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45860
https://notcve.org/view.php?id=CVE-2022-45860
03 May 2023 — A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. • https://fortiguard.com/psirt/FG-IR-22-464 • CWE-287: Improper Authentication CWE-1390: Weak Authentication •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45858
https://notcve.org/view.php?id=CVE-2022-45858
03 May 2023 — A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. • https://fortiguard.com/psirt/FG-IR-22-452 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43950
https://notcve.org/view.php?id=CVE-2022-43950
03 May 2023 — A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. • https://fortiguard.com/psirt/FG-IR-22-407 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •