CVE-2022-40678

Published: Feb 16, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.

Affected (8)

Products: Fortinet: Fortinac

Fortinet

1 product

Fortinac

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortinac	From 8.5.0 to 8.5.4
Fortinet Fortinac	From 8.6.0 to 8.6.5
Fortinet Fortinac	From 8.7.0 to 8.7.6
Fortinet Fortinac	From 8.8.0 to 8.8.11
Fortinet Fortinac	From 9.1.0 to 9.1.7
Fortinet Fortinac	From 9.2.0 to 9.2.5
Fortinet Fortinac	Version 8.3.7
Fortinet Fortinac	Version 9.4.0

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://fortiguard.com/psirt/FG-IR-22-265

Source: psirt@fortinet.com

PatchVendor Advisory

https://fortiguard.com/psirt/FG-IR-22-265

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.