cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-31488,https://securityvulnerability.io/vulnerability/CVE-2024-31488,Cross Site Scripting Vulnerability in FortiNAC by Fortinet,"This vulnerability arises from the improper handling of user inputs during the generation of web pages in FortiNAC. It allows remote authenticated attackers to execute stored and reflected cross-site scripting (XSS) attacks through specially crafted HTTP requests, potentially compromising the integrity and confidentiality of the affected system. Users of FortiNAC versions 7.2.0 to 9.4.4 are particularly at risk, necessitating immediate remediation to protect sensitive information.",Fortinet,Fortinac,9,CRITICAL,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-14T16:19:08.151Z,0
CVE-2023-26206,https://securityvulnerability.io/vulnerability/CVE-2023-26206,Fortinet FortiNAC Cross-Site Scripting Vulnerability,"A vulnerability exists in Fortinet's FortiNAC due to improper neutralization of user input during the web page generation process. This issue, identified in multiple versions of the product, can be exploited by attackers to inject and execute unauthorized commands or code. The attack vectors are primarily related to the input fields found in policy audit logs. If successfully exploited, this could lead to significant security breaches, allowing attackers to manipulate the application's behavior or access sensitive data.",Fortinet,FortiNAC,6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-02-15T13:59:23.207Z,0
CVE-2023-33299,https://securityvulnerability.io/vulnerability/CVE-2023-33299,Deserialization Vulnerability in Fortinet FortiNAC Products,"A deserialization vulnerability exists in Fortinet's FortiNAC product that allows an attacker to execute unauthorized code or commands.
This flaw affects FortiNAC versions below 7.2.1, 9.4.3, 9.2.8, and all earlier versions of the 8.x series. Specifically crafted requests sent over inter-server communication ports can exploit this vulnerability, posing a significant threat to system security. Notably, FortiNAC version 8.x will not receive a fix for this issue.",Fortinet,Fortinac,9.6,CRITICAL,0.0030799999367445707,false,,false,false,false,,,false,false,,2023-06-23T08:15:00.000Z,0
CVE-2023-22633,https://securityvulnerability.io/vulnerability/CVE-2023-22633,Improper Permissions and Access Control Vulnerability in FortiNAC by Fortinet,"This vulnerability in FortiNAC products from Fortinet stems from improper permissions and access controls, which can be exploited by unauthenticated attackers. Attackers may leverage this weakness to launch a Denial of Service (DoS) attack against the affected devices through client-secure renegotiation. Multiple versions, including FortiNAC-F 7.2.0 and earlier, are susceptible, necessitating immediate attention and remediation to safeguard network security.",Fortinet,Fortinac,7.2,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2023-06-13T09:15:00.000Z,0
CVE-2022-39946,https://securityvulnerability.io/vulnerability/CVE-2022-39946,Access Control Vulnerability in Fortinet FortiNAC Product,"An access control vulnerability in Fortinet's FortiNAC product allows an authenticated remote attacker on the administrative interface to execute unauthorized JSP calls through specially crafted HTTP requests. This could potentially compromise the integrity of the system and allow unauthorized operations.
The vulnerability affects multiple versions of FortiNAC, necessitating prompt attention from users to mitigate associated risks.",Fortinet,Fortinac,7.2,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2023-06-13T08:41:41.234Z,0
CVE-2023-26203,https://securityvulnerability.io/vulnerability/CVE-2023-26203,Use of Hard-Coded Credentials Vulnerability in FortiNAC by Fortinet,"A vulnerability exists in FortiNAC that stems from the use of hard-coded credentials. This flaw allows an authenticated attacker to execute shell commands, potentially leading to unauthorized access to the database. Affected versions include FortiNAC-F 7.2.0 and several earlier versions of FortiNAC. It is crucial for users to address this security issue to maintain the integrity of their systems.",Fortinet,Fortinac,6.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-03T22:15:00.000Z,0
CVE-2023-22637,https://securityvulnerability.io/vulnerability/CVE-2023-22637,Cross-Site Scripting in Fortinet FortiNAC Licensing System,"An input validation issue in the License Management of Fortinet FortiNAC allows an authenticated attacker to exploit the system using crafted licenses. This flaw can lead to remote code execution, posing significant security risks to environments utilizing affected versions of FortiNAC. Proper security measures and updates are essential to mitigate potential threats stemming from this vulnerability.",Fortinet,Fortinac,5.9,MEDIUM,0.0016400000313296914,false,,false,false,false,,,false,false,,2023-05-03T22:15:00.000Z,0
CVE-2022-45860,https://securityvulnerability.io/vulnerability/CVE-2022-45860,Weak Authentication Vulnerability in Fortinet's FortiNAC Product Line,"A weak authentication vulnerability exists in Fortinet's FortiNAC products, allowing unauthenticated attackers to exploit the device registration page.
This flaw can facilitate password spraying attacks, significantly increasing the likelihood of unauthorized access to sensitive systems. Affected versions include FortiNAC-F 7.2.0, FortiNAC 9.4.2 and earlier, as well as various versions in the 9.2, 9.1, 8.8, and 8.7 series. Organizations using these versions are advised to take immediate measures to secure their installations.",Fortinet,Fortinac,5,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-05-03T21:26:57.148Z,0
CVE-2022-45858,https://securityvulnerability.io/vulnerability/CVE-2022-45858,Weak Cryptographic Algorithm Vulnerability in FortiNAC by Fortinet,"A vulnerability exists in FortiNAC products, where a weak cryptographic algorithm may allow attackers to access sensitive information or execute man-in-the-middle attacks. This flaw affects multiple versions of FortiNAC, potentially putting user data at risk and compromising network security.",Fortinet,Fortinac,3.8,LOW,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-05-03T21:26:54.032Z,0
CVE-2022-43950,https://securityvulnerability.io/vulnerability/CVE-2022-43950,Open Redirect Vulnerability in FortiNAC by Fortinet,"The vulnerability in FortiNAC allows an unauthenticated attacker to exploit the Open Redirect flaw by crafting a malicious URL. When users interact with this crafted link, they can be redirected to any arbitrary website, posing serious security risks that could facilitate phishing attacks or other malicious activities.",Fortinet,Fortinac,3.9,LOW,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-05-03T21:26:50.797Z,0
CVE-2022-45859,https://securityvulnerability.io/vulnerability/CVE-2022-45859,Insufficiently Protected Credentials in FortiNAC by Fortinet,"An insufficiently protected credentials vulnerability exists in FortiNAC versions, allowing local attackers with system access to exploit this weakness and retrieve users' passwords.
This poses a significant risk to the confidentiality of sensitive information within the affected systems. Organizations using FortiNAC should review their security posture and ensure proper credential management practices are in place to mitigate potential unauthorized access.",Fortinet,Fortinac,3.9,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-05-03T21:26:47.577Z,0
CVE-2022-43951,https://securityvulnerability.io/vulnerability/CVE-2022-43951,Sensitive Information Exposure in Fortinet FortiNAC Products,"The vulnerability in Fortinet's FortiNAC products allows an unauthorized actor to gain access to sensitive information through crafted HTTP requests. This vulnerability, categorized under CWE-200, affects multiple versions, including those prior to 9.4.1, exposing critical information that could be exploited by attackers to compromise network integrity. Organizations using affected versions should take immediate measures to assess their exposure and implement necessary updates or patches.",Fortinet,Fortinac,4.8,MEDIUM,0.0015300000086426735,false,,false,false,false,,,false,false,,2023-04-11T16:05:46.705Z,0
CVE-2022-40676,https://securityvulnerability.io/vulnerability/CVE-2022-40676,Cross-Site Scripting Vulnerability in Fortinet FortiNAC by Fortinet,"An improper neutralization of input during web page generation in Fortinet FortiNAC allows attackers to exploit the system through crafted HTTP requests.
This vulnerability can lead to the execution of unauthorized code or commands, posing a significant risk to the integrity and confidentiality of the affected systems.",Fortinet,Fortinac,7.1,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-03-07T16:04:55.119Z,0
CVE-2022-39953,https://securityvulnerability.io/vulnerability/CVE-2022-39953,Improper Privilege Management in Fortinet FortiNAC Affects Multiple Versions,"The Fortinet FortiNAC product suffers from an improper privilege management vulnerability that allows attackers to escalate privileges using specially crafted commands. This weakness is present across multiple versions, including those from 9.4 down to 8.3.7, potentially exposing systems to unauthorized access and control. Organizations using affected versions are encouraged to take immediate action to mitigate this risk.",Fortinet,Fortinac,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-03-07T16:04:40.876Z,0
CVE-2023-22638,https://securityvulnerability.io/vulnerability/CVE-2023-22638,Cross-Site Scripting Vulnerability in FortiNAC by Fortinet,"FortiNAC versions up to 9.4.1 include vulnerabilities due to improper neutralization of inputs during web page generation. Authenticated attackers can exploit this flaw to execute multiple XSS attacks through specially crafted HTTP GET requests, potentially leading to unauthorized access or data leakage.",Fortinet,Fortinac,6.7,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2022-40677,https://securityvulnerability.io/vulnerability/CVE-2022-40677,Command Injection Vulnerability in Fortinet FortiNAC,"A command injection vulnerability exists in Fortinet FortiNAC, where improper neutralization of argument delimiters allows an attacker to craft input parameters that can lead to the execution of unauthorized code or commands.
This vulnerability spans multiple versions of the FortiNAC product and emphasizes the importance of securing user inputs to prevent potential exploitation by malicious actors.",Fortinet,Fortinac,7.2,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-02-16T18:06:57.630Z,0
CVE-2022-39952,https://securityvulnerability.io/vulnerability/CVE-2022-39952,File Path Manipulation Vulnerability in Fortinet FortiNAC,"A vulnerability in Fortinet FortiNAC allows unauthenticated attackers to manipulate file paths or names through crafted HTTP requests. This can lead to unauthorized code execution, potentially compromising system integrity. The affected versions of FortiNAC span multiple major and minor releases, emphasizing the importance for users to patch and secure their systems against this exploit.",Fortinet,Fortinac,9.8,CRITICAL,0.9372199773788452,false,,false,false,true,2023-03-27T17:25:17.000Z,true,false,false,,2023-02-16T18:06:55.108Z,0
CVE-2022-40675,https://securityvulnerability.io/vulnerability/CVE-2022-40675,Cryptographic Issues in Fortinet FortiNAC Product Line,"Certain cryptographic vulnerabilities in Fortinet FortiNAC versions allow attackers to potentially decrypt and manipulate protocol communication messages. This could lead to unauthorized access and data exposure, thereby compromising the integrity of the network communications. It's crucial for users of affected versions to apply necessary updates and patches to mitigate these risks.",Fortinet,Fortinac,6,MEDIUM,0.0012000000569969416,false,,false,false,false,,,false,false,,2023-02-16T18:06:52.567Z,0
CVE-2022-39954,https://securityvulnerability.io/vulnerability/CVE-2022-39954,Improper XML External Entity Handling in Fortinet FortiNAC,"Fortinet FortiNAC is susceptible to an improper restriction of XML external entity references, impacting various versions.
This vulnerability enables attackers to exploit crafted XML documents to either read arbitrary files from the affected server or induce a denial of service. The flaw exists across multiple versions, affecting user environments where FortiNAC is deployed, thereby opening avenues for potential data breaches and service interruptions.",Fortinet,Fortinac,6.9,MEDIUM,0.001979999942705035,false,,false,false,false,,,false,false,,2023-02-16T18:06:50.083Z,0
CVE-2022-40678,https://securityvulnerability.io/vulnerability/CVE-2022-40678,Insufficient Credential Protection in Fortinet FortiNAC Software,"An issue in Fortinet FortiNAC allows local attackers with access to the database to exploit insufficiently protected credentials, potentially enabling them to recover user passwords. This poses a significant risk to data security and requires immediate attention to safeguard sensitive information.",Fortinet,Fortinac,7.4,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-16T18:06:47.487Z,0
CVE-2022-38376,https://securityvulnerability.io/vulnerability/CVE-2022-38376,Cross-Site Scripting Vulnerabilities in Fortinet FortiNAC Portal UI,"Multiple vulnerabilities related to improper neutralization of input during the web page generation in the Fortinet FortiNAC portal UI prior to version 9.4.1 could allow an attacker to execute cross-site scripting (XSS) attacks. These flaws can be exploited through specially crafted HTTP requests, potentially enabling unauthorized access to sensitive information or session hijacking.
It's crucial for users of FortiNAC to upgrade to the latest version to mitigate these security risks.",Fortinet,Fortinac,5.8,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-02-16T18:06:24.667Z,0
CVE-2022-38375,https://securityvulnerability.io/vulnerability/CVE-2022-38375,Improper Authorization Vulnerability in Fortinet FortiNAC,"An improper authorization vulnerability exists in Fortinet FortiNAC versions 9.4.0 through 9.4.1 and before 9.2.6. This flaw allows unauthenticated users to execute certain administrative operations on the FortiNAC instance through specially crafted HTTP POST requests. This could lead to unauthorized access and manipulation of sensitive configurations, posing a significant risk to the security posture of affected networks.",Fortinet,Fortinac,8.6,HIGH,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-02-16T18:06:21.944Z,0
CVE-2022-26117,https://securityvulnerability.io/vulnerability/CVE-2022-26117,Configuration File Vulnerability in FortiNAC by Fortinet,"An empty password configuration flaw in various versions of FortiNAC allows authenticated attackers to exploit the vulnerability, potentially gaining unauthorized access to MySQL databases through the command-line interface (CLI). This issue affects multiple versions, and its presence emphasizes the importance of secure configuration practices.",Fortinet,Fortinet Fortinac,8.8,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2022-07-18T00:00:00.000Z,0
CVE-2022-26116,https://securityvulnerability.io/vulnerability/CVE-2022-26116,SQL Injection Vulnerability in Fortinet's FortiNAC Product,"An SQL Injection vulnerability exists in FortiNAC that allows authenticated attackers to execute unauthorized commands through specially crafted string parameters. This vulnerability arises from the improper neutralization of special elements used in SQL commands, potentially leading to severe security breaches.
Affected versions include FortiNAC 8.3.7 and below, several versions in the 8.5, 8.6, 8.7, 8.8, and 9.1 series, making it essential for administrators to evaluate their current installations and apply necessary updates.",Fortinet,Fortinet Fortinac,7.2,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-05-11T07:20:10.000Z,0
CVE-2021-43065,https://securityvulnerability.io/vulnerability/CVE-2021-43065,Incorrect Permission Assignment Vulnerability in Fortinet FortiNAC,"An incorrect permission assignment in Fortinet FortiNAC allows unauthorized access to critical resources, enabling attackers to elevate their privileges and access sensitive system data. This vulnerability affects multiple versions of the product, including 9.2.0, 9.1.3 and earlier, and 8.8.9 and earlier, posing a significant risk to organizations reliant on FortiNAC for network access control. Users are advised to review the provided references and apply necessary security updates promptly.",Fortinet,Fortinet Fortinac,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2021-12-09T09:15:04.000Z,0