CVE-2022-38375 HIGH

CVE-2022-38375

Vendor Fortinet

Product FortiNAC

Weakness CWE-285

Published February 16, 2023

Last update October 23, 2024

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:U/RC:C

What the vulnerability does

01Description

An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.

Key dates

02Disclosure timeline

February 16, 2023 CVE published

October 23, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-38375 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

Identifiers

CVE CVE-2022-38375

CWE CWE-285

CVSS 8.6 / HIGH

Affected versions

Vendor Fortinet

Product FortiNAC

Affected ≥ 9.4.0 and ≤ 9.4.1

Vendor Fortinet

Product FortiNAC

Affected ≥ 9.2.0 and ≤ 9.2.6

CVE-2022-38375

01Description

02Disclosure timeline

03References

04Related CVE