CVE-2022-39953 HIGH

CVE-2022-39953

Vendor Fortinet

Product FortiNAC

Weakness CWE-269

Published March 7, 2023

Last update October 23, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C

What the vulnerability does

01Description

A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.

Key dates

02Disclosure timeline

March 7, 2023 CVE published

October 23, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-39953 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2022-39953

CWE CWE-269

CVSS 7.8 / HIGH

Affected versions

Vendor Fortinet

Product FortiNAC

Affected ≥ 9.4.0 and ≤ 9.4.1

Vendor Fortinet

Product FortiNAC

Affected ≥ 9.2.0 and ≤ 9.2.6

Vendor Fortinet

Product FortiNAC

Affected ≥ 9.1.0 and ≤ 9.1.8

Vendor Fortinet

Product FortiNAC

Affected ≥ 8.8.0 and ≤ 8.8.11

Vendor Fortinet

Product FortiNAC

Affected ≥ 8.7.0 and ≤ 8.7.6

Vendor Fortinet

Product FortiNAC

Affected ≥ 8.6.0 and ≤ 8.6.5

Vendor Fortinet

Product FortiNAC

Affected ≥ 8.5.0 and ≤ 8.5.4

Vendor Fortinet

Product FortiNAC

Affected 8.3.7

CVE-2022-39953

01Description

02Disclosure timeline

03References

04Related CVE