Vulnerabilities > Fortinet > Fortinac > 9.4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-15 | CVE-2023-26206 | Cross-site Scripting vulnerability in Fortinet Fortinac An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | 6.1 |
| 2023-06-23 | CVE-2023-33299 | Deserialization of Untrusted Data vulnerability in Fortinet Fortinac A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. | 9.8 |
| 2023-06-13 | CVE-2022-39946 | Unspecified vulnerability in Fortinet Fortinac An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. | 7.2 |
| 2023-05-03 | CVE-2023-22637 | Cross-site Scripting vulnerability in Fortinet Fortinac and Fortinac-F An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. | 9.0 |
| 2023-05-03 | CVE-2023-26203 | Use of Hard-coded Credentials vulnerability in Fortinet Fortinac and Fortinac-F A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. | 7.8 |