CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38376
https://notcve.org/view.php?id=CVE-2022-38376
16 Feb 2023 — Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-26117
https://notcve.org/view.php?id=CVE-2022-26117
18 Jul 2022 — An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. Una vulnerabilidad de contraseña vacía en el archivo de configuración [CWE-258] en FortiNAC versiones 8.3.7 y anteriores, 8.5.2 y anteriores, 8.5.4, 8.6.0, 8.6.5 y anteriores, 8.7.6 y anteriores, 8.8.11 y anteriores,... • https://fortiguard.com/psirt/FG-IR-22-058 • CWE-521: Weak Password Requirements •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-26116
https://notcve.org/view.php?id=CVE-2022-26116
11 May 2022 — Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. Múltiples neutralizaciones inapropiadas de elementos especiales usados en comandos SQL ("Inyección SQL") vulnerabilidad [C... • https://fortiguard.com/psirt/FG-IR-22-062 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-43065
https://notcve.org/view.php?id=CVE-2021-43065
09 Dec 2021 — A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. Una asignación incorrecta de permisos para recursos críticos en Fortinet FortiNAC versión 9.2.0, versión 9.1.3 y anteriores, versión 8.8.9 y anteriores, permite al atacante conseguir mayores privilegios por medio del acceso a datos confidenciales del sistema • https://fortiguard.com/advisory/FG-IR-21-178 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-41021
https://notcve.org/view.php?id=CVE-2021-41021
08 Dec 2021 — A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. Una vulnerabilidad de escalada de privilegios en FortiNAC versiones 8.8.8 y anteriores y 9.1.2 y anteriores, puede permitir a un usuario administrador escalar los privilegios a root por medio del comando sudo • https://fortiguard.com/advisory/FG-IR-21-182 •