45 matches found
EUVD-2026-22313
An URL Redirection to Untrusted Site 'Open Redirect' vulnerability CWE-601 vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary...
CVE-2026-21741
An URL Redirection to Untrusted Site 'Open Redirect' vulnerability CWE-601 vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary...
CVE-2026-21741
An URL Redirection to Untrusted Site 'Open Redirect' vulnerability CWE-601 vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary...
CVE-2026-21741
An URL Redirection to Untrusted Site 'Open Redirect' vulnerability CWE-601 vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary...
Fortinet FortiNAC-F 输入验证错误漏洞
Fortinet FortiNAC-F is a network access control solution developed by the American company Fortinet. This product is primarily used for network access control and IoT security protection. Vulnerabilities exist in versions 7.6.0 to 7.6.5, 7.4, and 7.2 of Fortinet FortiNAC-F, due to input validatio...
PT-2026-32662
Name of the Vulnerable Software and Affected Versions FortiNAC-F versions 7.6.0 through 7.6.5 FortiNAC-F 7.4 affected versions not specified FortiNAC-F 7.2 affected versions not specified Description An Open Redirect issue exists where a remote privileged attacker with a system administrator role...
EUVD-2023-52818
Malicious code in bioql PyPI...
Fortinet FortiNAC-F Trust Management Issues Vulnerability
Fortinet FortiNAC-F is a set of network access control solutions from the American Fiat Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC-F suffers from a trust management issue vulnerability that stems from improper certificate validation, which...
The vulnerability of the FortiNAC-F network access control mechanism, related to errors in the certificate validation process, allows a perpetrator to execute a type of “man-in-the-middle” attack.
The vulnerability of the FortiNAC-F network access control mechanism is related to errors in the certificate validation process. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” attack...
CVE-2023-48785
An improper certificate validation vulnerability CWE-295 in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F...
CVE-2023-48785
An improper certificate validation vulnerability CWE-295 in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F...
CVE-2023-48785
An improper certificate validation vulnerability CWE-295 in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F...
CVE-2023-48785
An improper certificate validation vulnerability CWE-295 in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F...
CVE-2023-48785
An improper certificate validation vulnerability CWE-295 in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F...
CVE-2023-48785
CVE-2023-48785 is an improper certificate validation (CWE-295) in FortiNAC-F up to version 7.2.4 that may allow a remote, unauthenticated attacker to perform a Man-in-the-Middle on the HTTPS channel between FortiOS, an inventory, and FortiNAC‑F. The CVSS v3.1 base score is 4.8 (Medium); attack ve...
Fortinet FortiNAC-F 信任管理问题漏洞
Fortinet FortiNAC-F is a set of network access control solutions from the American Fiat Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC-F suffers from a trust management issue vulnerability that stems from improper certificate validation, which...
The vulnerability of the access control devices in Fortinet’s FortiNAC and FortiNAC-F systems arises from the lack of protective measures for the website structure. This allows attackers to execute arbitrary code.
The vulnerability of the access control devices in Fortinet’s FortiNAC and FortiNAC-F systems exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-22633
An improper permissions, privileges, and access controls vulnerability CWE-264 in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure...
CVE-2023-22633
An improper permissions, privileges, and access controls vulnerability CWE-264 in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure...
Improper access control
An improper permissions, privileges, and access controls vulnerability CWE-264 in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure...