CVE-2023-26203
https://notcve.org/view.php?id=CVE-2023-26203
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands. • https://fortiguard.com/psirt/FG-IR-22-520 • CWE-798: Use of Hard-coded Credentials
CVE-2022-45860
https://notcve.org/view.php?id=CVE-2022-45860
A weak authentication vulnerability [CWE-1390] in the device registration page of FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. • https://fortiguard.com/psirt/FG-IR-22-464 • CWE-287: Improper Authentication • CWE-1390: Weak Authentication
CVE-2022-43950
https://notcve.org/view.php?id=CVE-2022-43950
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. • https://fortiguard.com/psirt/FG-IR-22-407 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-45859
https://notcve.org/view.php?id=CVE-2022-45859
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. • https://fortiguard.com/psirt/FG-IR-22-456 • CWE-522: Insufficiently Protected Credentials
CVE-2022-26116
https://notcve.org/view.php?id=CVE-2022-26116
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters. • https://fortiguard.com/psirt/FG-IR-22-062 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')