CVE-2022-45859
First published: Wed May 03 2023(Updated: )
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiNAC | >=8.7.0<=9.1.8 | |
| Fortinet FortiNAC | >=9.2.0<9.2.7 | |
| Fortinet FortiNAC | >=9.4.0<9.4.2 | |
| Fortinet FortiNAC-F | =7.2.0 |
Remedy
Please upgrade to FortiNAC-F version 7.2.1 or above Please upgrade to FortiNAC version 9.4.2 or above Please upgrade to FortiNAC version 9.2.7 or above After the upgrade, the CLI account password should be changed. To know which accounts require a new password, the following command can be run: grep ":\$1" /etc/shadow Then, login to the CLI with that user and type "passwd" to change the password and update the hash.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-latest
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortinac
- version/fortinet fortinac/8.7.0
- version/fortinet fortinac/9.1.8
- version/fortinet fortinac/9.2.0
- version/fortinet fortinac/9.4.0
- canonical/fortinet fortinac-f
- version/fortinet fortinac-f/7.2.0