CVE-2023-48785

Summary

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiNAC-F7.2.0 <= 7.2.4affected

Weaknesses

  • CWE-295: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References