Vulnerabilities > Fortinet > Fortinac > 8.8.2

DATE CVE VULNERABILITY TITLE RISK
2022-05-11 CVE-2022-26116 SQL Injection vulnerability in Fortinet Fortinac
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.
network
low complexity
fortinet CWE-89
6.5
6.5
2021-12-09 CVE-2021-43065 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortinac
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.
local
low complexity
fortinet CWE-732
7.2
7.2
2021-12-08 CVE-2021-41021 Unspecified vulnerability in Fortinet Fortinac
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
local
low complexity
fortinet
7.2
7.2