Vulnerabilities > Fortinet > Fortinac F

DATE CVE VULNERABILITY TITLE RISK
2023-06-13 CVE-2023-22633 Unspecified vulnerability in Fortinet Fortinac and Fortinac-F
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.
network
low complexity
fortinet
7.5
2023-05-03 CVE-2022-43950 Open Redirect vulnerability in Fortinet Fortinac and Fortinac-F
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
network
low complexity
fortinet CWE-601
4.7
2023-05-03 CVE-2022-45859 Insufficiently Protected Credentials vulnerability in Fortinet Fortinac and Fortinac-F
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
local
low complexity
fortinet CWE-522
4.4
2023-05-03 CVE-2022-45860 Improper Authentication vulnerability in Fortinet Fortinac and Fortinac-F
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
network
low complexity
fortinet CWE-287
7.5
2023-05-03 CVE-2023-22637 Cross-site Scripting vulnerability in Fortinet Fortinac and Fortinac-F
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
network
low complexity
fortinet CWE-79
critical
9.0
2023-05-03 CVE-2023-26203 Use of Hard-coded Credentials vulnerability in Fortinet Fortinac and Fortinac-F
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.
local
low complexity
fortinet CWE-798
7.8
2023-04-11 CVE-2022-43951 Unspecified vulnerability in Fortinet Fortinac and Fortinac-F
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.
network
low complexity
fortinet
7.5
2023-02-16 CVE-2022-38375 Unspecified vulnerability in Fortinet Fortinac and Fortinac-F
An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
network
low complexity
fortinet
critical
9.8
2023-02-16 CVE-2022-39954 XXE vulnerability in Fortinet Fortinac and Fortinac-F
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
network
low complexity
fortinet CWE-611
critical
9.1
2023-02-16 CVE-2022-40675 Unspecified vulnerability in Fortinet Fortinac and Fortinac-F
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.
network
high complexity
fortinet
7.4