CVE-2022-26117

CWE-521 | 3 documents | 3 sources
Severity: 8.8 HIGH
EPSS: 0.5% (top 35.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 18

Description

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD | fortinet/fortinac | 9.1.0 | 9.1.6 | +8
CVEListV5 | fortinet/fortinet_fortinac | FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below.

Patches

Vulnerability Details (1)

CVEList | CVE-2022-26117: An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8 | 2022-07-18

Vendor Advisories (1)

Fortinet | An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8... | 2022-07-18
CVE-2022-26117 (HIGH CVSS 8.8) | An empty password in configuration | cvebase.io