ID

VAR-202302-1489


CVE

CVE-2022-40678


TITLE

Insufficient protection of authentication information vulnerability in Fortinet FortiNAC

Trust: 0.8

sources: JVNDB: JVNDB-2022-019906

DESCRIPTION

An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. Fortinet's FortiNAC contains a vulnerability related to inadequate protection of credentials. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability, which stems from. The following versions are affected: versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7.

Trust: 2.34

sources: NVD: CVE-2022-40678 // JVNDB: JVNDB-2022-019906 // CNNVD: CNNVD-202302-1431 // VULHUB: VHN-436491 // VULMON: CVE-2022-40678

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: lte, version: 8.7.6

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.1.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.2.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.7.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.5.4

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.6.5

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.1.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 8.3.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.8.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.2.5

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.8.11

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.5.0

Trust: 1.0

vendor: フォーティネット, model: fortinac, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.6.0 to 8.6.5

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.3.7

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 9.2.0 to 9.2.5

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.7.0 to 8.7.6

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 9.1.0 to 9.1.7

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.5.0 to 8.5.4

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 9.4.0

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.8.0 to 8.8.11

Trust: 0.8

sources: JVNDB: JVNDB-2022-019906 // NVD: CVE-2022-40678

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-40678
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-40678
value: HIGH

Trust: 1.0

NVD: CVE-2022-40678
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1431
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-40678
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-40678
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.4
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-40678
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019906 // CNNVD: CNNVD-202302-1431 // NVD: CVE-2022-40678 // NVD: CVE-2022-40678

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:Inadequate protection of credentials (CWE-522) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-436491 // JVNDB: JVNDB-2022-019906 // NVD: CVE-2022-40678

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1431

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1431

PATCH

title: FG-IR-22-265, url: https://www.fortiguard.com/psirt/FG-IR-22-265

Trust: 0.8

title: Fortinet FortiNAC Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226973

Trust: 0.6

sources: JVNDB: JVNDB-2022-019906 // CNNVD: CNNVD-202302-1431

EXTERNAL IDS

db: NVD, id: CVE-2022-40678

Trust: 3.4

db: JVNDB, id: JVNDB-2022-019906

Trust: 0.8

db: CNNVD, id: CNNVD-202302-1431

Trust: 0.6

db: VULHUB, id: VHN-436491

Trust: 0.1

db: VULMON, id: CVE-2022-40678

Trust: 0.1

sources: VULHUB: VHN-436491 // VULMON: CVE-2022-40678 // JVNDB: JVNDB-2022-019906 // CNNVD: CNNVD-202302-1431 // NVD: CVE-2022-40678

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-265

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-40678

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-40678/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-436491 // VULMON: CVE-2022-40678 // JVNDB: JVNDB-2022-019906 // CNNVD: CNNVD-202302-1431 // NVD: CVE-2022-40678

SOURCES

db: VULHUB, id: VHN-436491
db: VULMON, id: CVE-2022-40678
db: JVNDB, id: JVNDB-2022-019906
db: CNNVD, id: CNNVD-202302-1431
db: NVD, id: CVE-2022-40678

LAST UPDATE DATE

2024-08-14T13:42:03.849000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-436491, date: 2023-02-27T00:00:00
db: VULMON, id: CVE-2022-40678, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2022-019906, date: 2023-10-30T01:32:00
db: CNNVD, id: CNNVD-202302-1431, date: 2023-02-28T00:00:00
db: NVD, id: CVE-2022-40678, date: 2023-11-07T03:52:34.990

SOURCES RELEASE DATE

db: VULHUB, id: VHN-436491, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2022-40678, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2022-019906, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1431, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2022-40678, date: 2023-02-16T19:15:13.313