CVE-2022-43951

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiNAC9.4.0 <= 9.4.1affected
FortinetFortiNAC9.2.0 <= 9.2.7affected
FortinetFortiNAC9.1.0 <= 9.1.9affected
FortinetFortiNAC8.8.0 <= 8.8.11affected
FortinetFortiNAC8.7.0 <= 8.7.6affected

Weaknesses

  • CWE-200: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References