FortiNAC - SQL Injection
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-062
Final
1
1
2022-05-03T00:00:00
Current version
2022-05-03T00:00:00
2022-05-03T00:00:00
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.
None
Execute unauthorized code or commands
FortiNAC version 9.2.0 through 9.2.2FortiNAC version 9.1.0 through 9.1.5FortiNAC 8.8 all versionsFortiNAC 8.7 all versionsFortiNAC 8.6 all versionsFortiNAC 8.5 all versionsFortiNAC 8.3 all versions
Upgrade to FortiNAC version 10.0.0 or above,Upgrade to FortiNAC version 9.4.0 or above,Upgrade to FortiNAC version 9.2.3 or above,Upgrade to FortiNAC version 9.1.6 or above,
Internally discovered and reported by Giulia Clerici of the Fortinet Product Security team.
FortiNAC 9.2.2
FortiNAC 9.2.1
FortiNAC 9.2.0
FortiNAC 9.1.5
FortiNAC 9.1.4
FortiNAC 9.1.3
FortiNAC 9.1.2
FortiNAC 9.1.1
FortiNAC 9.1.0
FortiNAC 8.8.11
FortiNAC 8.8.10
FortiNAC 8.8.9
FortiNAC 8.8.8
FortiNAC 8.8.7
FortiNAC 8.8.6
FortiNAC 8.8.5
FortiNAC 8.8.4
FortiNAC 8.8.3
FortiNAC 8.8.2
FortiNAC 8.8.1
FortiNAC 8.8.0
FortiNAC 8.7.6
FortiNAC 8.7.5
FortiNAC 8.7.4
FortiNAC 8.7.3
FortiNAC 8.7.2
FortiNAC 8.7.1
FortiNAC 8.7.0
FortiNAC 8.6.5
FortiNAC 8.6.4
FortiNAC 8.6.3
FortiNAC 8.6.2
FortiNAC 8.6.0
FortiNAC 8.5.4
FortiNAC 8.5.2
FortiNAC 8.5.1
FortiNAC 8.5.0
FortiNAC 8.3.7
FortiNAC - SQL Injection
CVE-2022-26116
FortiNAC-9.2.2
FortiNAC-9.2.1
FortiNAC-9.2.0
FortiNAC-9.1.5
FortiNAC-9.1.4
FortiNAC-9.1.3
FortiNAC-9.1.2
FortiNAC-9.1.1
FortiNAC-9.1.0
FortiNAC-8.8.11
FortiNAC-8.8.10
FortiNAC-8.8.9
FortiNAC-8.8.8
FortiNAC-8.8.7
FortiNAC-8.8.6
FortiNAC-8.8.5
FortiNAC-8.8.4
FortiNAC-8.8.3
FortiNAC-8.8.2
FortiNAC-8.8.1
FortiNAC-8.8.0
FortiNAC-8.7.6
FortiNAC-8.7.5
FortiNAC-8.7.4
FortiNAC-8.7.3
FortiNAC-8.7.2
FortiNAC-8.7.1
FortiNAC-8.7.0
FortiNAC-8.6.5
FortiNAC-8.6.4
FortiNAC-8.6.3
FortiNAC-8.6.2
FortiNAC-8.6.0
FortiNAC-8.5.4
FortiNAC-8.5.2
FortiNAC-8.5.1
FortiNAC-8.5.0
FortiNAC-8.3.7
6.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-22-062
FortiNAC - SQL Injection
Reference>