Lucene search

PRIOn knowledge basePRION:CVE-2022-39946

HistoryJun 13, 2023 - 9:15 a.m.

Improper access control

2023-06-1309:15:00

PRIOn knowledge base

www.prio-n.com

access control

vulnerability

fortinac

remote attacker

http requests

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.

CPENameOperatorVersion
fortinacge8.6.0
fortinacle8.6.5
fortinacge8.8.0
fortinacle8.8.11
fortinacge8.7.0
fortinacle8.7.6
fortinaceq9.4.0
fortinacge8.5.0
fortinacle8.5.4
fortinaceq9.4.1

Name	Operator	Version
fortinac	ge	8.6.0
fortinac	le	8.6.5
fortinac	ge	8.8.0
fortinac	le	8.8.11
fortinac	ge	8.7.0
fortinac	le	8.7.6
fortinac	eq	9.4.0
fortinac	ge	8.5.0
fortinac	le	8.5.4
fortinac	eq	9.4.1

Rows per page:

1-10 of 151

References

fortiguard.com/psirt/FG-IR-22-332