CVE-2023-22637

Summary

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiNAC9.4.0 <= 9.4.2affected
FortinetFortiNAC9.2.0 <= 9.2.7affected
FortinetFortiNAC9.1.0 <= 9.1.9affected
FortinetFortiNAC8.8.0 <= 8.8.11affected
FortinetFortiNAC8.7.0 <= 8.7.6affected

Weaknesses

  • CWE-79: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References