
CVE-2022-39946: Fortiguard

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.


**PSIRT Advisories**

FortiNAC - Improper access control on administrative panels

Summary

An access control vulnerability [CWE-284] in FortiNAC may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.

Affected Products

At least
FortiNAC version 9.4.0 through 9.4.2
FortiNAC 9.2.0 through 9.2.7
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions

Solutions

Please upgrade to FortiNAC-F version 7.2.0 or above
Please upgrade to FortiNAC version 9.4.3 or above
Please upgrade to FortiNAC version 9.2.8 or above
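
To triage an inventory against the ranges above, the following added example (not part of the Fortinet advisory) classifies FortiNAC version strings and lists the upgrade targets named under Solutions. The function names, the status labels and the sample inventory are assumptions; input is assumed to be FortiNAC (not FortiNAC-F) version strings.

```python
import re

# Ranges from "Affected Products": train -> highest affected patch level,
# or None where the advisory says "all versions" of that train.
AFFECTED = {(9, 4): 2, (9, 2): 7, (9, 1): None, (8, 8): None,
            (8, 7): None, (8, 6): None, (8, 5): None}
# FortiNAC releases named under "Solutions".
FIXED = [(9, 2, 8), (9, 4, 3)]


def parse_version(text):
    """Turn '9.4.1', 'v9.2' or ' 8.8.11 ' into a (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def assess(text):
    """Return (status, upgrade_targets) for one FortiNAC version string."""
    version = parse_version(text)
    train = version[:2]
    if train not in AFFECTED:
        # The advisory's list starts with "At least", so this is not a clean bill.
        return ("not-listed", [])
    highest = AFFECTED[train]
    if highest is not None and version[2] > highest:
        return ("fixed", [])
    # Only offer FortiNAC releases newer than the one currently installed.
    targets = [".".join(map(str, f)) for f in FIXED if f > version]
    return ("affected", targets + ["FortiNAC-F 7.2.0"])


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are sample values.
    inventory = {"nac-hq": "9.4.1", "nac-lab": "8.8.11", "nac-dr": "9.2.8"}
    for host, ver in sorted(inventory.items()):
        status, targets = assess(ver)
        print(f"{host:8} {ver:8} {status:10} {', '.join(targets)}")
```

A "not-listed" result means only that the train does not appear in the advisory, so those hosts still need a manual check.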

Acknowledgement

Internally discovered and reported by Giulia Clerici and Théo Leleu of the Fortinet Product Security team.

Timeline

2023-05-09: Initial publication
