Vulnerabilities > Fortinet > Fortinac > 9.4.2

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2022-38375 Unspecified vulnerability in Fortinet Fortinac and Fortinac-F
An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
network
low complexity
fortinet
critical
9.8
2023-02-16 CVE-2022-39954 XXE vulnerability in Fortinet Fortinac and Fortinac-F
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
network
low complexity
fortinet CWE-611
critical
9.1
2023-02-16 CVE-2022-40675 Unspecified vulnerability in Fortinet Fortinac and Fortinac-F
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.
network
high complexity
fortinet
7.4