Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39953

A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.

Published

2023-03-07T17:15:11.943

Last Modified

2024-11-21T07:18:33.187

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortinac	≤ 8.5.4	Yes
Application	fortinet	fortinac	≤ 8.6.5	Yes
Application	fortinet	fortinac	≤ 8.7.6	Yes
Application	fortinet	fortinac	≤ 8.8.11	Yes
Application	fortinet	fortinac	≤ 9.1.8	Yes
Application	fortinet	fortinac	≤ 9.2.6	Yes
Application	fortinet	fortinac	8.3.7	Yes
Application	fortinet	fortinac	9.4.0	Yes
Application	fortinet	fortinac	9.4.1	Yes

References

https://fortiguard.com/psirt/FG-IR-22-309 Vendor Advisory ([email protected])
https://fortiguard.com/psirt/FG-IR-22-309 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)