Vulnerabilities > Fortinet > Fortinac

DATE CVE VULNERABILITY TITLE RISK
2024-02-15 CVE-2023-26206 Cross-site Scripting vulnerability in Fortinet Fortinac
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
network
low complexity
fortinet CWE-79
6.1
2023-06-23 CVE-2023-33299 Deserialization of Untrusted Data vulnerability in Fortinet Fortinac
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port.
network
low complexity
fortinet CWE-502
critical
9.8
2023-06-13 CVE-2022-39946 Unspecified vulnerability in Fortinet Fortinac
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.
network
low complexity
fortinet
7.2
2023-06-13 CVE-2023-22633 Unspecified vulnerability in Fortinet Fortinac and Fortinac-F
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.
network
low complexity
fortinet
7.5
2023-05-03 CVE-2022-43950 Open Redirect vulnerability in Fortinet Fortinac and Fortinac-F
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
network
low complexity
fortinet CWE-601
4.7
2023-05-03 CVE-2022-45858 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet Fortinac
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.
network
high complexity
fortinet CWE-327
7.4
2023-05-03 CVE-2022-45859 Insufficiently Protected Credentials vulnerability in Fortinet Fortinac and Fortinac-F
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
local
low complexity
fortinet CWE-522
4.4
2023-05-03 CVE-2022-45860 Improper Authentication vulnerability in Fortinet Fortinac and Fortinac-F
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
network
low complexity
fortinet CWE-287
7.5
2023-05-03 CVE-2023-22637 Cross-site Scripting vulnerability in Fortinet Fortinac and Fortinac-F
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
network
low complexity
fortinet CWE-79
critical
9.0
2023-05-03 CVE-2023-26203 Use of Hard-coded Credentials vulnerability in Fortinet Fortinac and Fortinac-F
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.
local
low complexity
fortinet CWE-798
7.8