NotCVE - vendor:"Fortinet" product:"Fortinac-f" version:"

4 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-43951

https://notcve.org/view.php?id=CVE-2022-43951

11 Apr 2023 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-409 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-40675

https://notcve.org/view.php?id=CVE-2022-40675

16 Feb 2023 — Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. • https://fortiguard.com/psirt/FG-IR-22-312 • CWE-310: Cryptographic Issues •

CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-39954

https://notcve.org/view.php?id=CVE-2022-39954

16 Feb 2023 — An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. • https://fortiguard.com/psirt/FG-IR-22-304 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-38375

https://notcve.org/view.php?id=CVE-2022-38375

16 Feb 2023 — An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. • https://fortiguard.com/psirt/FG-IR-22-329 • CWE-285: Improper Authorization •