CVE-2023-22637
https://notcve.org/view.php?id=CVE-2023-22637
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. • https://fortiguard.com/psirt/FG-IR-23-013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-26203
https://notcve.org/view.php?id=CVE-2023-26203
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands. • https://fortiguard.com/psirt/FG-IR-22-520 • CWE-798: Use of Hard-coded Credentials
CVE-2022-45860
https://notcve.org/view.php?id=CVE-2022-45860
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in the device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. • https://fortiguard.com/psirt/FG-IR-22-464 • CWE-287: Improper Authentication • CWE-1390: Weak Authentication
CVE-2022-45858
https://notcve.org/view.php?id=CVE-2022-45858
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase an attacker's chances of gaining access to sensitive information or of performing man-in-the-middle attacks. • https://fortiguard.com/psirt/FG-IR-22-452 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-43950
https://notcve.org/view.php?id=CVE-2022-43950
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. • https://fortiguard.com/psirt/FG-IR-22-407 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')