CVE-2022-38375

CWE-285CWE-863Incorrect Authorization4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.6%
top 30.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortinacFortinet Fortinac-f
Timeline
PublishedFeb 16

Description

An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDfortinet/fortinac9.2.09.2.7+1
NVDfortinet/fortinac-f< 7.2.0
CVEListV5fortinet/fortinac9.4.09.4.1+1

🔴Vulnerability Details

2
GHSA
GHSA-pxw3-v724-g6xr: An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 92023-02-16
CVEList
CVE-2022-38375: An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 92023-02-16

📋Vendor Advisories

1
Fortinet
An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 all...2023-02-16
CVE-2022-38375 (CRITICAL CVSS 9.8) | An improper authorization vulnerabi | cvebase.io