FortiNAC - Unprotected MySQL root account

Summary

An empty password in configuration file vulnerability [CWE-258] in FortiNAC may allow an authenticated attacker to access the MySQL databases via the CLI.

Affected Products

At least
FortiNAC version 8.3.7
FortiNAC version 8.5.0 through 8.5.2
FortiNAC version 8.5.4
FortiNAC version 8.6.0
FortiNAC version 8.6.2 through 8.6.5
FortiNAC version 8.7.0 through 8.7.6
FortiNAC version 8.8.0 through 8.8.11
FortiNAC version 9.1.0 through 9.1.5
FortiNAC version 9.2.0 through 9.2.3

Solutions

Please upgrade to FortiNAC version 10.0.0 or above,
Please upgrade to FortiNAC version 9.2.4 or above,
Please upgrade to FortiNAC version 9.1.6 or above.

Acknowledgement

Fortinet is pleased to thank Orange CERT-CC and Valentin ALLAIN for bringing this issue to our attention under responsible disclosure.