CVE-2023-26206

Summary

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiNAC9.4.0 <= 9.4.2affected
FortinetFortiNAC9.2.0 <= 9.2.8affected
FortinetFortiNAC9.1.0 <= 9.1.10affected
FortinetFortiNAC7.2.0affected

Weaknesses

  • CWE-79: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References