Sign-up

ID

VAR-202304-0865


CVE

CVE-2022-43951


TITLE

FortiNAC Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202304-761

DESCRIPTION

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection

Trust: 1.44

sources: NVD: CVE-2022-43951 // CNNVD: CNNVD-202304-761

AFFECTED PRODUCTS

vendor:fortinetmodel:fortinacscope:ltversion:9.4.2

Trust: 1.0

vendor:fortinetmodel:fortinacscope:gteversion:9.4.0

Trust: 1.0

vendor:fortinetmodel:fortinacscope:gteversion:8.7.0

Trust: 1.0

vendor:fortinetmodel:fortinacscope:lteversion:9.2.7

Trust: 1.0

vendor:fortinetmodel:fortinac-fscope:ltversion:7.2.0

Trust: 1.0

sources: NVD: CVE-2022-43951

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-43951
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202304-761
value: HIGH

Trust: 0.6

NVD: CVE-2022-43951
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-43951 // CNNVD: CNNVD-202304-761

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2022-43951

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-761

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202304-761

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-43951

PATCH
title:FortiNAC Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234182
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202304-761

EXTERNAL IDS
db:NVDid:CVE-2022-43951
Trust: 1.6
db:CNNVDid:CNNVD-202304-761
Trust: 0.6
sources:
            
            
            NVD: CVE-2022-43951 // 
            
            
            
            CNNVD: CNNVD-202304-761

REFERENCES
url:https://fortiguard.com/psirt/fg-ir-22-409
Trust: 1.6
url:https://cxsecurity.com/cveshow/cve-2022-43951/
Trust: 0.6
sources:
            
            
            NVD: CVE-2022-43951 // 
            
            
            
            CNNVD: CNNVD-202304-761

SOURCES
db:NVDid:CVE-2022-43951
db:CNNVDid:CNNVD-202304-761

LAST UPDATE DATE
2023-04-22T22:48:30.984000+00:00

SOURCES UPDATE DATE
db:NVDid:CVE-2022-43951date:2023-04-18T19:27:00
db:CNNVDid:CNNVD-202304-761date:2023-04-19T00:00:00

SOURCES RELEASE DATE
db:NVDid:CVE-2022-43951date:2023-04-11T17:15:00
db:CNNVDid:CNNVD-202304-761date:2023-04-11T00:00:00