CVE-2022-38375

Summary

An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiNAC9.4.0 <= 9.4.1affected
FortinetFortiNAC9.2.0 <= 9.2.6affected

Weaknesses

  • CWE-285: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References