Headline
CVE-2023-26203: Fortiguard
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.
** PSIRT Advisories**
FortiNAC - database harcoded credentials
Summary
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC may allow an authenticated attacker to access to the database via shell commands.
Affected Products
FortiNAC version 9.4.0 through 9.4.2
FortiNAC-F version 7.2.0
FortiNAC 9.2 all versions
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
Solutions
Please upgrade to FortiNAC version 9.4.3 or above
Please upgrade to FortiNAC-F version 7.2.1 or above
Acknowledgement
Fortinet is pleased to thank KPN for bringing this issue to our attention under responsible disclosure.
Timeline
2023-04-13: Initial publication