CVE-2023-48785
published 2025-03-14CVE-2023-48785: An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a…
medium4.8CVSS 3.1
AVNACHPRNUINSUCLILAN
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinac | — | — |
| fortinet | fortinac-f | — | — |
| fortinet | fortinac-f | >= 7.2.0 < 7.2.5 | 7.2.5 |
| fortinet | fortinac-f | 7.2.0 – 7.2.4 | — |
| fortinet | fortios | — | — |