- Description
- A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.
- Source
- psirt@fortinet.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2638973E-2258-4D0F-AF28-36D63652141D",
"versionEndIncluding": "9.2.7",
"versionStartIncluding": "8.7.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2DF0CAE-9209-4DEC-8197-11F9D34D7C8A",
"versionEndExcluding": "9.4.3",
"versionStartIncluding": "9.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77DE647F-0252-42E2-8BDD-C98DC899C613"
}
],
"operator": "OR"
}
]
}
]