Fortinet

Fortinac

30 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-33300

  • EPSS 6.92%
  • Published 14.03.2025 15:46:48
  • Last modified 23.07.2025 21:13:27

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server comm...

9

CVE-2024-31488

  • EPSS 0.48%
  • Published 14.05.2024 17:17:23
  • Last modified 21.01.2025 21:47:47

An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remo...

6.1

CVE-2023-26206

  • EPSS 0.07%
  • Published 15.02.2024 14:15:44
  • Last modified 21.11.2024 07:50:54

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observ...

9.8

CVE-2023-33299

  • EPSS 9.99%
  • Published 23.06.2023 08:15:09
  • Last modified 21.11.2024 08:05:22

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication por...

7.5

CVE-2023-22633

  • EPSS 0.18%
  • Published 13.06.2023 09:15:16
  • Last modified 21.11.2024 07:45:05

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a...

7.2

CVE-2022-39946

  • EPSS 0.14%
  • Published 13.06.2023 09:15:14
  • Last modified 21.11.2024 07:18:32

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administ...

7.8

CVE-2023-26203

  • EPSS 0.04%
  • Published 03.05.2023 22:15:18
  • Last modified 21.11.2024 07:50:54

A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the databas...

9

CVE-2023-22637

  • EPSS 0.44%
  • Published 03.05.2023 22:15:17
  • Last modified 21.11.2024 07:45:06

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in Li...

7.5

CVE-2022-45860

  • EPSS 0.13%
  • Published 03.05.2023 22:15:15
  • Last modified 21.11.2024 07:29:51

A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to ...

4.4

CVE-2022-45859

  • EPSS 0.03%
  • Published 03.05.2023 22:15:15
  • Last modified 21.11.2024 07:29:51

An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' p...