CVE-2022-45859 LOW

CVE-2022-45859

Vendor Fortinet
Product FortiNAC
Weakness CWE-522 · Insufficiently protected credentials
Published May 3, 2023
Last update October 22, 2024

CVSS base score

3.9/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:R

What the vulnerability does

01Description

An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.

Key dates

02Disclosure timeline

May 3, 2023 CVE published
October 22, 2024 Record updated