CVE-2022-39946

Published Jun 13, 2023

Last updated a year ago

CVSS high 7.2

Overview

Description: An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.
Source: psirt@fortinet.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-Other
psirt@fortinet.com: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8292B841-851C-42C2-AF13-17AB2FA894CD",
            "versionEndIncluding": "8.5.4",
            "versionStartIncluding": "8.5.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95E75B88-1750-4FB6-BCE4-74B69D93C918",
            "versionEndIncluding": "8.6.5",
            "versionStartIncluding": "8.6.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BD32B25-76B4-4D6E-BB5C-065070297058",
            "versionEndIncluding": "8.7.6",
            "versionStartIncluding": "8.7.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
            "versionEndIncluding": "8.8.11",
            "versionStartIncluding": "8.8.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72F09A9E-3804-43BE-95B8-67418FEF269E",
            "versionEndIncluding": "9.1.10",
            "versionStartIncluding": "9.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "225F8F74-D68C-444E-87E9-BC8AED05BB42",
            "versionEndIncluding": "9.2.8",
            "versionStartIncluding": "9.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E12E11B0-E21A-4124-9DF9-FF268BB19813"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4648F862-AB8C-4B8D-8F2D-5D2641F08845"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B0251A8-1E8B-4B4A-962F-3E5950601814"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References