CVE-2022-45860

CWE-1390CWE-287Improper Authentication4 documents4 sources
Severity
7.5HIGH
EPSS
0.2%
top 58.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortinacFortinet Fortinac-f
Timeline
PublishedMay 3
Latest updateMay 4

Description

A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDfortinet/fortinac9.4.09.4.2+1
CVEListV5fortinet/fortinac9.4.09.4.2+4

🔴Vulnerability Details

2
GHSA
GHSA-6r8m-7q26-8wcc: A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 72023-05-04
CVEList
CVE-2022-45860: A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 72023-05-03

📋Vendor Advisories

1
Fortinet
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all ve...2023-05-03
CVE-2022-45860 (HIGH CVSS 7.5) | A weak authentication vulnerability | cvebase.io