Authorization

2023-02-1619:15:00

PRIOn knowledge base

www.prio-n.com

improper authorization

vulnerability

fortinet fortinac

version 9.4.0

version 9.4.1

http post requests

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.

CPENameOperatorVersion
fortinacge9.4.0
fortinaclt9.4.2
fortinacge9.2.0
fortinaclt9.2.7
fortinac-flt7.2.0

Name	Operator	Version
fortinac	ge	9.4.0
fortinac	lt	9.4.2
fortinac	ge	9.2.0
fortinac	lt	9.2.7
fortinac-f	lt	7.2.0

References

fortiguard.com/psirt/FG-IR-22-329