First published: Thu Feb 16 2023(Updated: )
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiNAC | >=9.2.0<9.2.7 | |
Fortinet FortiNAC | >=9.4.0<9.4.2 | |
Fortinet FortiNAC-F | <7.2.0 |
Please upgrade to FortiNAC-F version 7.2.0 or above Please upgrade to FortiNAC version 9.4.2 or above Please upgrade to FortiNAC version 9.2.7 or above
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-38375 is an improper authorization vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6.
CVE-2022-38375 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 are affected by CVE-2022-38375.
CVE-2022-38375 has a severity rating of 9.8 (critical).
To fix CVE-2022-38375, upgrade Fortinet FortiNAC to version 9.2.7 or higher.