Unauthenticated access to administrative operations Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-329 Final 1 1 2023-02-16T00:00:00 Current version 2023-02-16T00:00:00 2023-02-16T00:00:00 An improper authorization vulnerability [CWE-285] in FortiNAC may allow an unauthenticated attacker to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. None Execute unauthorized code or commands FortiNAC version 9.4.0 through 9.4.1FortiNAC version 9.2.0 through 9.2.6FortiNAC 9.1 all versions are not affectedFortiNAC 8.8 all versions are not affectedFortiNAC 8.7 all versions are not affectedFortiNAC 8.6 all versions are not affectedFortiNAC 8.5 all versions are not affectedFortiNAC 7.2 all versions are not affected Please upgrade to FortiNAC-F version 7.2.0 or abovePlease upgrade to FortiNAC version 9.4.2 or abovePlease upgrade to FortiNAC version 9.2.7 or above Internally discovered and reported by Théo Leleu of Fortinet Product Security team. FortiNAC 9.4.1 FortiNAC 9.4.0 FortiNAC 9.2.6 FortiNAC 9.2.5 FortiNAC 9.2.4 FortiNAC 9.2.3 FortiNAC 9.2.2 FortiNAC 9.2.1 FortiNAC 9.2.0 CVE-2022-38375 FortiNAC-9.4.1 FortiNAC-9.4.0 FortiNAC-9.2.6 FortiNAC-9.2.5 FortiNAC-9.2.4 FortiNAC-9.2.3 FortiNAC-9.2.2 FortiNAC-9.2.1 FortiNAC-9.2.0 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-329 Unauthenticated access to administrative operations Reference>