← Back

CVE-2023-48785

nvd nist
Published: Mar 14, 2025Modified: Jul 25, 2025

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 / Impact: 2.5
Source: NVD

Description

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.

Affected (1)

Products: Fortinet: Fortinac F
Fortinet
1 product
Fortinac F
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Fortinac F
From 7.2.0 to 7.2.5

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (1)

Source: psirt@fortinet.com
Vendor Advisory

Timeline

No history available yet.