An improper restriction of XML external entity reference vulnerability [CWE-611] in the parser of XML requests of FortiNAC may allow an unauthenticated attacker to trigger a denial of service or read arbitrary files from the underlying file system via specifically crafted XML documents.
FortiNAC version 9.4.0 through 9.4.1
FortiNAC all versions 9.2, 9.1, 8.8, 8.7, 8.6, 8.5, 8.3
Please upgrade to FortiNAC version 9.4.2 or above
Please upgrade to FortiNAC version 7.2.0 or above