PSIRT

Lack of certificate validation

Summary

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.

Version	Affected	Solution
FortiNAC-F 7.4	Not affected	Not Applicable
FortiNAC-F 7.2	7.2.0 through 7.2.4	Upgrade to 7.2.5 or above

Acknowledgement

Fortinet is pleased to thank Christian Hilgers from indevis for reporting this vulnerability under responsible disclosure

Timeline

2024-04-09: Initial publication

IR Number	FG-IR-23-288
Published Date	Apr 9, 2024
Severity	Medium
CVSSv3 Score	4.4
Impact	Information disclosure
CVE ID
Download	CVRF CSAF

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

PSIRT

Lack of certificate validation

Summary

Acknowledgement

Timeline

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

PSIRT

Lack of certificate validation

Summary

Acknowledgement

Timeline

Threat Intelligence
Center