Lucene search

[email protected]NVD:CVE-2022-39946

HistoryJun 13, 2023 - 9:15 a.m.

CVE-2022-39946

2023-06-1309:15:14

CWE-284

[email protected]

web.nvd.nist.gov

fortinac

access control

vulnerability

remote attacker

http requests

cve-2022-39946

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.

Affected configurations

NVD

Node

fortinetfortinacRange8.5.0–8.5.4

fortinetfortinacRange8.6.0–8.6.5

fortinetfortinacRange8.7.0–8.7.6

fortinetfortinacRange8.8.0–8.8.11

fortinetfortinacRange9.1.0–9.1.10

fortinetfortinacRange9.2.0–9.2.8

fortinetfortinacMatch9.4.0

fortinetfortinacMatch9.4.1

fortinetfortinacMatch9.4.2

References

fortiguard.com/psirt/FG-IR-22-332

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for NVD:CVE-2022-39946

prion1 cvelist1 cve1 fortinet1