Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40678

An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.

Published

2023-02-16T19:15:13.313

Last Modified

2024-11-21T07:21:50.310

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses

Type: Secondary
CWE-522
Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortinac	≤ 8.5.4	Yes
Application	fortinet	fortinac	≤ 8.6.5	Yes
Application	fortinet	fortinac	≤ 8.7.6	Yes
Application	fortinet	fortinac	≤ 8.8.11	Yes
Application	fortinet	fortinac	≤ 9.1.7	Yes
Application	fortinet	fortinac	≤ 9.2.5	Yes
Application	fortinet	fortinac	8.3.7	Yes
Application	fortinet	fortinac	9.4.0	Yes

References

https://fortiguard.com/psirt/FG-IR-22-265 Patch, Vendor Advisory ([email protected])
https://fortiguard.com/psirt/FG-IR-22-265 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)