Unprotected MySQL root account Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-058 Final 1 1 2022-07-05T00:00:00 Current version 2022-07-05T00:00:00 2022-07-05T00:00:00 An empty password in configuration file vulnerability [CWE-258] in FortiNAC may allow an authenticated attacker to access the MySQL databases via the CLI. None Execute unauthorized code or commands At leastFortiNAC version 8.3.7FortiNAC version 8.5.0 through 8.5.2FortiNAC version 8.5.4FortiNAC version 8.6.0FortiNAC version 8.6.2 through 8.6.5FortiNAC version 8.7.0 through 8.7.6FortiNAC version 8.8.0 through 8.8.11FortiNAC version 9.1.0 through 9.1.5FortiNAC version 9.2.0 through 9.2.3 Please upgrade to FortiNAC version 10.0.0 or above,Please upgrade to FortiNAC version 9.2.4 or above,Please upgrade to FortiNAC version 9.1.6 or above. Fortinet is pleased to thank Orange CERT-CC and Valentin ALLAIN for bringing this issue to our attention under responsible disclosure. CVE-2022-26117 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-22-058 Unprotected MySQL root account Reference>