CVE-2022-40678

Severity: 7.8 HIGH
EPSS: 0.0% (top 87.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 16

Description

An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.4 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | fortinet/fortinac | 9.2.0 to 9.2.5 | +7
NVD | fortinet/fortinac | 8.5.0 to 8.5.4 | +7

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-7pc3-hj79-39qj: An insufficiently protected credentials in Fortinet FortiNAC versions 9 | 2023-02-16
CVEList | CVE-2022-40678: An insufficiently protected credentials in Fortinet FortiNAC versions 9 | 2023-02-16

📋 Vendor Advisories (1)

Fortinet | An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8... | 2023-02-16