CVE-2022-40678

Summary

An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiNAC9.4.0affected
FortinetFortiNAC9.2.0 <= 9.2.5affected
FortinetFortiNAC9.1.0 <= 9.1.7affected
FortinetFortiNAC8.8.0 <= 8.8.11affected
FortinetFortiNAC8.7.0 <= 8.7.6affected
FortinetFortiNAC8.6.0 <= 8.6.5affected
FortinetFortiNAC8.5.0 <= 8.5.4affected
FortinetFortiNAC8.3.7affected

Weaknesses

  • CWE-522: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References