cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-31488,https://securityvulnerability.io/vulnerability/CVE-2024-31488,Cross Site Scripting Vulnerability in FortiNAC by Fortinet,"This vulnerability arises from the improper handling of user inputs during the generation of web pages in FortiNAC. It allows remote authenticated attackers to execute stored and reflected cross-site scripting (XSS) attacks through specially crafted HTTP requests, potentially compromising the integrity and confidentiality of the affected system. Users of FortiNAC versions 7.2.0 to 9.4.4 are particularly at risk, necessitating immediate remediation to protect sensitive information.",Fortinet,Fortinac,6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T16:19:08.151Z,0
CVE-2023-26206,https://securityvulnerability.io/vulnerability/CVE-2023-26206,Fortinet FortiNAC Cross-Site Scripting Vulnerability,"A vulnerability exists in Fortinet's FortiNAC due to improper neutralization of user input during the web page generation process. This issue, identified in multiple versions of the product, can be exploited by attackers to inject and execute unauthorized commands or code. The attack vectors are primarily related to the input fields found in policy audit logs. If successfully exploited, this could lead to significant security breaches, allowing attackers to manipulate the application's behavior or access sensitive data.",Fortinet,FortiNAC,6.1,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-02-15T13:59:23.207Z,0
CVE-2023-33299,https://securityvulnerability.io/vulnerability/CVE-2023-33299,Deserialization Vulnerability in Fortinet FortiNAC Products,"A deserialization vulnerability exists in Fortinet's FortiNAC product that allows an attacker to execute unauthorized code or commands. This flaw affects FortiNAC versions below 7.2.1, 9.4.3, 9.2.8, and all earlier versions of the 8.x series. Specifically crafted requests sent over inter-server communication ports can exploit this vulnerability, posing a significant threat to system security. Notably, FortiNAC version 8.x will not receive a fix for this issue.",Fortinet,Fortinac,9.6,CRITICAL,0.0030799999367445707,false,false,false,false,,false,false,2023-06-23T08:15:00.000Z,0
CVE-2023-22633,https://securityvulnerability.io/vulnerability/CVE-2023-22633,Improper Permissions and Access Control Vulnerability in FortiNAC by Fortinet,"This vulnerability in FortiNAC products from Fortinet stems from improper permissions and access controls, which can be exploited by unauthenticated attackers. Attackers may leverage this weakness to launch a Denial of Service (DoS) attack against the affected devices through client-secure renegotiation. Multiple versions, including FortiNAC-F 7.2.0 and earlier, are susceptible, necessitating immediate attention and remediation to safeguard network security.",Fortinet,Fortinac,7.2,HIGH,0.001129999989643693,false,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2022-39946,https://securityvulnerability.io/vulnerability/CVE-2022-39946,Access Control Vulnerability in Fortinet FortiNAC Product,"An access control vulnerability in Fortinet's FortiNAC product allows an authenticated remote attacker on the administrative interface to execute unauthorized JSP calls through specially crafted HTTP requests. This could potentially compromise the integrity of the system and allow unauthorized operations. The vulnerability affects multiple versions of FortiNAC, necessitating prompt attention from users to mitigate associated risks.",Fortinet,Fortinac,7.2,HIGH,0.0013699999544769526,false,false,false,false,,false,false,2023-06-13T08:41:41.234Z,0
CVE-2023-22637,https://securityvulnerability.io/vulnerability/CVE-2023-22637,,"An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.",Fortinet,Fortinac,5.9,MEDIUM,0.0016400000313296914,false,false,false,false,,false,false,2023-05-03T22:15:00.000Z,0
CVE-2023-26203,https://securityvulnerability.io/vulnerability/CVE-2023-26203,,"A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.",Fortinet,Fortinac,6.1,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-05-03T22:15:00.000Z,0
CVE-2022-45860,https://securityvulnerability.io/vulnerability/CVE-2022-45860,,"A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.",Fortinet,Fortinac,5,MEDIUM,0.0011599999852478504,false,false,false,false,,false,false,2023-05-03T21:26:57.148Z,0
CVE-2022-45858,https://securityvulnerability.io/vulnerability/CVE-2022-45858,,"A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.",Fortinet,Fortinac,3.8,LOW,0.0010499999625608325,false,false,false,false,,false,false,2023-05-03T21:26:54.032Z,0
CVE-2022-43950,https://securityvulnerability.io/vulnerability/CVE-2022-43950,,"A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.",Fortinet,Fortinac,3.9,LOW,0.0006000000284984708,false,false,false,false,,false,false,2023-05-03T21:26:50.797Z,0
CVE-2022-45859,https://securityvulnerability.io/vulnerability/CVE-2022-45859,,"An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.",Fortinet,Fortinac,3.9,LOW,0.0004199999966658652,false,false,false,false,,false,false,2023-05-03T21:26:47.577Z,0
CVE-2022-43951,https://securityvulnerability.io/vulnerability/CVE-2022-43951,,"An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.",Fortinet,Fortinac,4.8,MEDIUM,0.0015300000086426735,false,false,false,false,,false,false,2023-04-11T16:05:46.705Z,0
CVE-2022-40676,https://securityvulnerability.io/vulnerability/CVE-2022-40676,Cross-Site Scripting Vulnerability in Fortinet FortiNAC by Fortinet,"An improper neutralization of input during web page generation in Fortinet FortiNAC allows attackers to exploit the system through crafted HTTP requests. This vulnerability can lead to the execution of unauthorized code or commands, posing a significant risk to the integrity and confidentiality of the affected systems.",Fortinet,Fortinac,7.1,HIGH,0.000539999979082495,false,false,false,false,,false,false,2023-03-07T16:04:55.119Z,0
CVE-2022-39953,https://securityvulnerability.io/vulnerability/CVE-2022-39953,Improper Privilege Management in Fortinet FortiNAC Affects Multiple Versions,"The Fortinet FortiNAC product suffers from an improper privilege management vulnerability that allows attackers to escalate privileges using specially crafted commands. This weakness is present across multiple versions, including those from 9.4 down to 8.3.7, potentially exposing systems to unauthorized access and control. Organizations using affected versions are encouraged to take immediate action to mitigate this risk.",Fortinet,Fortinac,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-03-07T16:04:40.876Z,0
CVE-2023-22638,https://securityvulnerability.io/vulnerability/CVE-2023-22638,,"Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.",Fortinet,Fortinac,6.7,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-02-16T19:15:00.000Z,0
CVE-2022-40677,https://securityvulnerability.io/vulnerability/CVE-2022-40677,Command Injection Vulnerability in Fortinet FortiNAC,"A command injection vulnerability exists in Fortinet FortiNAC, where improper neutralization of argument delimiters allows an attacker to craft input parameters that can lead to the execution of unauthorized code or commands. This vulnerability spans multiple versions of the FortiNAC product and emphasizes the importance of securing user inputs to prevent potential exploitation by malicious actors.",Fortinet,Fortinac,7.2,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2023-02-16T18:06:57.630Z,0
CVE-2022-39952,https://securityvulnerability.io/vulnerability/CVE-2022-39952,File Path Manipulation Vulnerability in Fortinet FortiNAC,"A vulnerability in Fortinet FortiNAC allows unauthenticated attackers to manipulate file paths or names through crafted HTTP requests. This can lead to unauthorized code execution, potentially compromising system integrity. The affected versions of FortiNAC span multiple major and minor releases, emphasizing the importance for users to patch and secure their systems against this exploit.",Fortinet,Fortinac,9.8,CRITICAL,0.9372199773788452,false,false,false,true,true,false,false,2023-02-16T18:06:55.108Z,0
CVE-2022-40675,https://securityvulnerability.io/vulnerability/CVE-2022-40675,,"Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.",Fortinet,Fortinac,6,MEDIUM,0.0012000000569969416,false,false,false,false,,false,false,2023-02-16T18:06:52.567Z,0
CVE-2022-39954,https://securityvulnerability.io/vulnerability/CVE-2022-39954,,"An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.",Fortinet,Fortinac,6.9,MEDIUM,0.001979999942705035,false,false,false,false,,false,false,2023-02-16T18:06:50.083Z,0
CVE-2022-40678,https://securityvulnerability.io/vulnerability/CVE-2022-40678,Insufficient Credential Protection in Fortinet FortiNAC Software,"An issue in Fortinet FortiNAC allows local attackers with access to the database to exploit insufficiently protected credentials, potentially enabling them to recover user passwords. This poses a significant risk to data security and requires immediate attention to safeguard sensitive information.",Fortinet,Fortinac,7.4,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-02-16T18:06:47.487Z,0
CVE-2022-38376,https://securityvulnerability.io/vulnerability/CVE-2022-38376,,Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.,Fortinet,Fortinac,5.8,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2023-02-16T18:06:24.667Z,0
CVE-2022-38375,https://securityvulnerability.io/vulnerability/CVE-2022-38375,Improper Authorization Vulnerability in Fortinet FortiNAC,"An improper authorization vulnerability exists in Fortinet FortiNAC versions 9.4.0 through 9.4.1 and before 9.2.6. This flaw allows unauthenticated users to execute certain administrative operations on the FortiNAC instance through specially crafted HTTP POST requests. This could lead to unauthorized access and manipulation of sensitive configurations, posing a significant risk to the security posture of affected networks.",Fortinet,Fortinac,8.6,HIGH,0.0026400000788271427,false,false,false,false,,false,false,2023-02-16T18:06:21.944Z,0
CVE-2022-26117,https://securityvulnerability.io/vulnerability/CVE-2022-26117,,"An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.",Fortinet,Fortinet Fortinac,8.8,HIGH,0.0009500000160187483,false,false,false,false,,false,false,2022-07-18T00:00:00.000Z,0
CVE-2022-26116,https://securityvulnerability.io/vulnerability/CVE-2022-26116,,"Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.",Fortinet,Fortinet Fortinac,7.2,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2022-05-11T07:20:10.000Z,0
CVE-2021-43065,https://securityvulnerability.io/vulnerability/CVE-2021-43065,,"A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.",Fortinet,Fortinet Fortinac,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2021-12-09T09:15:04.000Z,0