CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-45859
https://notcve.org/view.php?id=CVE-2022-45859
03 May 2023 — An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. • https://fortiguard.com/psirt/FG-IR-22-456 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43951
https://notcve.org/view.php?id=CVE-2022-43951
11 Apr 2023 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-409 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-40676
https://notcve.org/view.php?id=CVE-2022-40676
07 Mar 2023 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. • https://fortiguard.com/psirt/FG-IR-22-281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-39953
https://notcve.org/view.php?id=CVE-2022-39953
07 Mar 2023 — A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands. • https://fortiguard.com/psirt/FG-IR-22-309 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22638
https://notcve.org/view.php?id=CVE-2023-22638
16 Feb 2023 — Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. • https://fortiguard.com/psirt/FG-IR-22-260 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-40677
https://notcve.org/view.php?id=CVE-2022-40677
16 Feb 2023 — A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. • https://fortiguard.com/psirt/FG-IR-22-280 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 10.0EPSS: 93%CPEs: 4EXPL: 5CVE-2022-39952 – Fortinet FortiNAC keyUpload.jsp Arbitrary File Write
https://notcve.org/view.php?id=CVE-2022-39952
16 Feb 2023 — A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. • https://packetstorm.news/files/id/171351 • CWE-73: External Control of File Name or Path CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40675
https://notcve.org/view.php?id=CVE-2022-40675
16 Feb 2023 — Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. • https://fortiguard.com/psirt/FG-IR-22-312 • CWE-310: Cryptographic Issues •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39954
https://notcve.org/view.php?id=CVE-2022-39954
16 Feb 2023 — An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. • https://fortiguard.com/psirt/FG-IR-22-304 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-40678
https://notcve.org/view.php?id=CVE-2022-40678
16 Feb 2023 — An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. • https://fortiguard.com/psirt/FG-IR-22-265 • CWE-522: Insufficiently Protected Credentials •