EUVD-2022-48712

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Insufficiently protected credentials vulnerability in FortiNAC versions allows password retrieval by attackers.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2022-45859	4 May 202302:36	–	circl
CNNVD	Fortinet FortiNAC 安全漏洞	3 May 202300:00	–	cnnvd
CVE	CVE-2022-45859	3 May 202321:26	–	cve
Cvelist	CVE-2022-45859	3 May 202321:26	–	cvelist
Fortinet	FortiNAC - Weak password hashing method in /etc/shadow	3 May 202300:00	–	fortinet
NVD	CVE-2022-45859	3 May 202322:15	–	nvd
OSV	CVE-2022-45859	3 May 202322:15	–	osv
Prion	Design/Logic Flaw	3 May 202322:15	–	prion
Positive Technologies	PT-2023-2754 · Fortinet · Fortinac-F +1	3 May 202300:00	–	ptsecurity
RedhatCVE	CVE-2022-45859	23 May 202500:19	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "15796d3e-dce8-3503-b01b-49882d35fe59",
        "vendor": {
          "name": "Fortinet"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "42acad3b-554d-3417-a0dc-2f19c4869ac5",
        "product": {
          "name": "FortiNAC"
        },
        "product_version": "8.8.0 ≤8.8.11"
      },
      {
        "id": "48cefb27-b801-3712-9097-037ed029600e",
        "product": {
          "name": "FortiNAC"
        },
        "product_version": "8.7.0 ≤8.7.6"
      },
      {
        "id": "adbc2c9d-512e-395a-bba0-776f21fb6157",
        "product": {
          "name": "FortiNAC"
        },
        "product_version": "9.4.0 ≤9.4.1"
      },
      {
        "id": "c6cee0e4-0708-39f9-b0bc-5b319f18bc76",
        "product": {
          "name": "FortiNAC"
        },
        "product_version": "9.2.0 ≤9.2.6"
      },
      {
        "id": "f6bcce2c-cdc0-3411-b440-2a77ef8d3572",
        "product": {
          "name": "FortiNAC"
        },
        "product_version": "9.1.0 ≤9.1.8"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/psirt/FG-IR-22-456

03 Oct 2025 20:07Current

5Medium risk

Vulners AI Score5

CVSS 3.14.1 - 4.4

EPSS0.00049

SSVC

credentials vulnerability fortinac password retrieval attacker