cbcvebase.
CVE-2022-38375
published 2023-02-16

CVE-2022-38375: An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.

Affected

8 ranges
VendorProductVersion rangeFixed in
fortinetfortinac
fortinetfortinac>= 9.2.0 < 9.2.79.2.7
fortinetfortinac9.2.0 – 9.2.6
fortinetfortinac>= 9.4.0 < 9.4.29.4.2
fortinetfortinac9.4.0 – 9.4.1
fortinetfortinac-f< 7.2.07.2.0
fortinetfortinac-f
fortinetfortinet