CVE-2022-43951

CWE-200Information Exposure4 documents4 sources
Severity
7.5HIGH
EPSS
0.3%
top 43.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortinacFortinet Fortinac-f
Timeline
PublishedApr 11

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDfortinet/fortinac9.4.09.4.2+1
NVDfortinet/fortinac-f< 7.2.0
CVEListV5fortinet/fortinac9.4.09.4.1+4

🔴Vulnerability Details

2
GHSA
GHSA-7824-x6vq-p8mj: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 92023-04-11
CVEList
CVE-2022-43951: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 92023-04-11

📋Vendor Advisories

1
Fortinet
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6...2023-04-11
CVE-2022-43951 (HIGH CVSS 7.5) | An exposure of sensitive informatio | cvebase.io