FortiNAC - Improper access control on administrative panels

FortiNAC - Improper access control on administrative panels Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-332 Final 1 1 2023-06-12T00:00:00 Current version 2023-06-12T00:00:00 2023-06-12T00:00:00 An access control vulnerability [CWE-284] in FortiNAC may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. None Improper access control FortiNAC version 9.4.0 through 9.4.2FortiNAC 9.2 all versionsFortiNAC 9.1 all versionsFortiNAC 8.8 all versionsFortiNAC 8.7 all versionsFortiNAC 8.6 all versionsFortiNAC 8.5 all versionsFortiNAC 7.2 all versions are not affected Please upgrade to FortiNAC-F version 7.2.0 or abovePlease upgrade to FortiNAC version 9.4.3 or abovePlease upgrade to FortiNAC version 9.2.8 or above Internally discovered and reported by Giulia Clerici and Théo Leleu of the Fortinet Product Security team. FortiNAC 9.4.2 FortiNAC 9.4.1 FortiNAC 9.4.0 FortiNAC 9.2.8 FortiNAC 9.2.7 FortiNAC 9.2.6 FortiNAC 9.2.5 FortiNAC 9.2.4 FortiNAC 9.2.3 FortiNAC 9.2.2 FortiNAC 9.2.1 FortiNAC 9.2.0 FortiNAC 9.1.10 FortiNAC 9.1.9 FortiNAC 9.1.8 FortiNAC 9.1.7 FortiNAC 9.1.6 FortiNAC 9.1.5 FortiNAC 9.1.4 FortiNAC 9.1.3 FortiNAC 9.1.2 FortiNAC 9.1.1 FortiNAC 9.1.0 FortiNAC 8.8.11 FortiNAC 8.8.10 FortiNAC 8.8.9 FortiNAC 8.8.8 FortiNAC 8.8.7 FortiNAC 8.8.6 FortiNAC 8.8.5 FortiNAC 8.8.4 FortiNAC 8.8.3 FortiNAC 8.8.2 FortiNAC 8.8.1 FortiNAC 8.8.0 FortiNAC 8.7.6 FortiNAC 8.7.5 FortiNAC 8.7.4 FortiNAC 8.7.3 FortiNAC 8.7.2 FortiNAC 8.7.1 FortiNAC 8.7.0 FortiNAC 8.6.5 FortiNAC 8.6.4 FortiNAC 8.6.3 FortiNAC 8.6.2 FortiNAC 8.6.1 FortiNAC 8.6.0 FortiNAC 8.5.4 FortiNAC 8.5.3 FortiNAC 8.5.2 FortiNAC 8.5.1 FortiNAC 8.5.0 FortiNAC - Improper access control on administrative panels CVE-2022-39946 FortiNAC-9.4.2 FortiNAC-9.4.1 FortiNAC-9.4.0 FortiNAC-9.2.8 FortiNAC-9.2.7 FortiNAC-9.2.6 FortiNAC-9.2.5 FortiNAC-9.2.4 FortiNAC-9.2.3 FortiNAC-9.2.2 FortiNAC-9.2.1 FortiNAC-9.2.0 FortiNAC-9.1.10 FortiNAC-9.1.9 FortiNAC-9.1.8 FortiNAC-9.1.7 FortiNAC-9.1.6 FortiNAC-9.1.5 FortiNAC-9.1.4 FortiNAC-9.1.3 FortiNAC-9.1.2 FortiNAC-9.1.1 FortiNAC-9.1.0 FortiNAC-8.8.11 FortiNAC-8.8.10 FortiNAC-8.8.9 FortiNAC-8.8.8 FortiNAC-8.8.7 FortiNAC-8.8.6 FortiNAC-8.8.5 FortiNAC-8.8.4 FortiNAC-8.8.3 FortiNAC-8.8.2 FortiNAC-8.8.1 FortiNAC-8.8.0 FortiNAC-8.7.6 FortiNAC-8.7.5 FortiNAC-8.7.4 FortiNAC-8.7.3 FortiNAC-8.7.2 FortiNAC-8.7.1 FortiNAC-8.7.0 FortiNAC-8.6.5 FortiNAC-8.6.4 FortiNAC-8.6.3 FortiNAC-8.6.2 FortiNAC-8.6.1 FortiNAC-8.6.0 FortiNAC-8.5.4 FortiNAC-8.5.3 FortiNAC-8.5.2 FortiNAC-8.5.1 FortiNAC-8.5.0 7.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-332 FortiNAC - Improper access control on administrative panels Reference>