Vulnerabilities > Fortinet > Fortinac > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-06-23 CVE-2023-33299 Deserialization of Untrusted Data vulnerability in Fortinet Fortinac
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port.
network
low complexity
fortinet CWE-502
critical
9.8
2023-05-03 CVE-2023-22637 Cross-site Scripting vulnerability in Fortinet Fortinac and Fortinac-F
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
network
low complexity
fortinet CWE-79
critical
9.0
2023-02-16 CVE-2022-39954 XXE vulnerability in Fortinet Fortinac and Fortinac-F
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
network
low complexity
fortinet CWE-611
critical
9.1
2023-02-16 CVE-2022-39952 Exposure of Resource to Wrong Sphere vulnerability in Fortinet Fortinac
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
network
low complexity
fortinet CWE-668
critical
9.8
2023-02-16 CVE-2022-38375 Unspecified vulnerability in Fortinet Fortinac and Fortinac-F
An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
network
low complexity
fortinet
critical
9.8