7.5

CVE-2023-22633

EPSS 0.18%
Veröffentlicht 13.06.2023 09:15:16
Zuletzt bearbeitet 21.11.2024 07:45:05
Quelle psirt@fortinet.com
Teams Watchlist Login
Unerledigt Login

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Fortinac Version >= 8.7.0 <= 8.7.6

Fortinet ≫ Fortinac Version >= 8.8.0 <= 8.8.11

Fortinet ≫ Fortinac Version >= 9.1.0 <= 9.1.8

Fortinet ≫ Fortinac Version >= 9.2.0 <= 9.2.6

Fortinet ≫ Fortinac Version9.4.0

Fortinet ≫ Fortinac Version9.4.1

Fortinet ≫ Fortinac-f Version7.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.36

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
psirt@fortinet.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

https://fortiguard.com/psirt/FG-IR-22-521

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-22633

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22633

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22633

EUVD