CVE-2023-48785Improper Certificate Validation in Fortinet Fortinac-f

CWE-295Improper Certificate Validation4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.1%
top 70.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortinac-f
Timeline
PublishedMar 14

Description

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages2 packages

NVDfortinet/fortinac-f7.2.07.2.5
CVEListV5fortinet/fortinac-f7.2.07.2.4

🔴Vulnerability Details

2
GHSA
GHSA-94q2-3cfp-g294: An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 72025-03-14
CVEList
CVE-2023-48785: An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 72025-03-14

📋Vendor Advisories

1
Fortinet
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and...2025-03-14
CVE-2023-48785 — Improper Certificate Validation | cvebase