CVE-2023-22637 MEDIUM

Vendor: Fortinet
Product: FortiNAC
Weakness: CWE-79 · XSS
Published: May 3, 2023
Last update: October 23, 2024

CVSS base score

5.9/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

What the vulnerability does

01 Description

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.

Key dates

02 Disclosure timeline

May 3, 2023: CVE published
October 23, 2024: Record updated