Vulnerability Monitor

CVE-2022-39954


An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, and FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.


Published

2023-02-16T19:15:13.120

Last Modified

2024-11-21T07:18:33.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-611
  • Type: Primary
    CWE-611

Affected Vendors & Products
Type         Vendor    Product     Version/Range  Vulnerable?
Application  fortinet  fortinac    ≤ 9.2.7        Yes
Application  fortinet  fortinac    < 9.4.2        Yes
Application  fortinet  fortinac-f  < 7.2.0        Yes

References