Fortinet

Fortinac

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-33300

  • EPSS 6.92%
  • Veröffentlicht 14.03.2025 15:46:48
  • Zuletzt bearbeitet 23.07.2025 21:13:27

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server comm...

9

CVE-2024-31488

  • EPSS 0.48%
  • Veröffentlicht 14.05.2024 17:17:23
  • Zuletzt bearbeitet 21.01.2025 21:47:47

An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remo...

6.1

CVE-2023-26206

  • EPSS 0.07%
  • Veröffentlicht 15.02.2024 14:15:44
  • Zuletzt bearbeitet 21.11.2024 07:50:54

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observ...

9.8

CVE-2023-33299

  • EPSS 9.99%
  • Veröffentlicht 23.06.2023 08:15:09
  • Zuletzt bearbeitet 21.11.2024 08:05:22

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication por...

7.5

CVE-2023-22633

  • EPSS 0.18%
  • Veröffentlicht 13.06.2023 09:15:16
  • Zuletzt bearbeitet 21.11.2024 07:45:05

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a...

7.2

CVE-2022-39946

  • EPSS 0.14%
  • Veröffentlicht 13.06.2023 09:15:14
  • Zuletzt bearbeitet 21.11.2024 07:18:32

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administ...

7.8

CVE-2023-26203

  • EPSS 0.04%
  • Veröffentlicht 03.05.2023 22:15:18
  • Zuletzt bearbeitet 21.11.2024 07:50:54

A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the databas...

9

CVE-2023-22637

  • EPSS 0.44%
  • Veröffentlicht 03.05.2023 22:15:17
  • Zuletzt bearbeitet 21.11.2024 07:45:06

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in Li...

7.5

CVE-2022-45860

  • EPSS 0.13%
  • Veröffentlicht 03.05.2023 22:15:15
  • Zuletzt bearbeitet 21.11.2024 07:29:51

A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to ...

4.4

CVE-2022-45859

  • EPSS 0.03%
  • Veröffentlicht 03.05.2023 22:15:15
  • Zuletzt bearbeitet 21.11.2024 07:29:51

An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' p...