cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-26117,https://securityvulnerability.io/vulnerability/CVE-2022-26117,Configuration File Vulnerability in FortiNAC by Fortinet,"An empty password configuration flaw in various versions of FortiNAC allows authenticated attackers to exploit the vulnerability, potentially gaining unauthorized access to MySQL databases through the command-line interface (CLI). This issue affects multiple versions, and its presence emphasizes the importance of secure configuration practices.",Fortinet,Fortinet Fortinac,8.8,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2022-07-18T00:00:00.000Z,0
CVE-2022-26116,https://securityvulnerability.io/vulnerability/CVE-2022-26116,SQL Injection Vulnerability in Fortinet's FortiNAC Product,"An SQL Injection vulnerability exists in FortiNAC that allows authenticated attackers to execute unauthorized commands through specially crafted string parameters. This vulnerability arises from the improper neutralization of special elements used in SQL commands, potentially leading to severe security breaches. Affected versions include FortiNAC 8.3.7 and below, several versions in the 8.5, 8.6, 8.7, 8.8, and 9.1 series, making it essential for administrators to evaluate their current installations and apply necessary updates.",Fortinet,Fortinet Fortinac,7.2,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-05-11T07:20:10.000Z,0
CVE-2021-43065,https://securityvulnerability.io/vulnerability/CVE-2021-43065,Incorrect Permission Assignment Vulnerability in Fortinet FortiNAC,"An incorrect permission assignment in Fortinet FortiNAC allows unauthorized access to critical resources, enabling attackers to elevate their privileges and access sensitive system data. This vulnerability affects multiple versions of the product, including 9.2.0, 9.1.3 and earlier, and 8.8.9 and earlier, posing a significant risk to organizations reliant on FortiNAC for network access control. Users are advised to review the provided references and apply necessary security updates promptly.",Fortinet,Fortinet Fortinac,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2021-12-09T09:15:04.000Z,0
CVE-2021-41021,https://securityvulnerability.io/vulnerability/CVE-2021-41021,Privilege Escalation Vulnerability in FortiNAC by Fortinet,"A privilege escalation vulnerability exists in FortiNAC that may allow admin users to elevate their privileges to root level through the misuse of the sudo command. This issue affects FortiNAC versions 8.8.8 and earlier as well as versions 9.1.2 and earlier, presenting significant risks for system security and integrity.",Fortinet,Fortinet Fortinac,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-08T17:48:06.000Z,0
CVE-2021-24011,https://securityvulnerability.io/vulnerability/CVE-2021-24011,Privilege Escalation in FortiNAC by Fortinet,"A privilege escalation vulnerability exists in FortiNAC, specifically in versions prior to 8.8.2. This flaw enables an admin user to elevate their privileges to root level by manipulating sudo configurations. When exploited, this vulnerability poses a significant risk as it can grant unauthorized access to system-critical functions, potentially leading to further security breaches.",Fortinet,Fortinet Fortinac,6.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-05-10T11:43:18.000Z,0
CVE-2020-12816,https://securityvulnerability.io/vulnerability/CVE-2020-12816,Stored Cross-Site Scripting Vulnerability in FortiNAC by Fortinet,"FortiNAC versions earlier than 8.7.2 are susceptible to an input validation flaw that enables a remote authenticated attacker to execute a stored cross-site scripting (XSS) attack. This can occur through manipulation of Admin User IDs, potentially leading to unauthorized access and execution of malicious scripts within the context of the affected application, risking user data and application integrity.",Fortinet,Fortinet Fortinac,6.1,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2020-09-24T13:29:01.000Z,0
CVE-2019-5594,https://securityvulnerability.io/vulnerability/CVE-2019-5594,Cross-Site Scripting Vulnerability in Fortinet FortiNAC Admin WebUI,"A reflected Cross-Site Scripting (XSS) vulnerability exists in the admin web interface of Fortinet FortiNAC from versions 8.3.0 to 8.3.6 and 8.5.0. This vulnerability allows an unauthenticated attacker to exploit the search field, potentially injecting malicious scripts that could be executed in the context of a victim's browser, leading to unauthorized actions or data theft. Organizations should take immediate steps to mitigate this threat by applying the appropriate patches and securing their FortiNAC deployments.",Fortinet,Fortinet Fortinac,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2019-08-23T20:10:54.000Z,0