CVE-2022-45859

CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 90.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortinacFortinet Fortinac-f
Timeline
PublishedMay 3
Latest updateMay 4

Description

An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages3 packages

NVDfortinet/fortinac9.2.09.2.7+2
CVEListV5fortinet/fortinac9.4.09.4.1+4

🔴Vulnerability Details

2
GHSA
GHSA-9v39-cw8g-p5rj: An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 72023-05-04
CVEList
CVE-2022-45859: An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 72023-05-03

📋Vendor Advisories

1
Fortinet
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and...2023-05-03
CVE-2022-45859 (MEDIUM CVSS 4.4) | An insufficiently protected credent | cvebase.io