ID

VAR-202305-0038


CVE

CVE-2023-22637


TITLE

Fortinet FortiNAC Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202305-193

DESCRIPTION

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC 7.2.0, FortiNAC 9.4.2 and earlier, 9.2, 9.1, 8.8, and 8.7 have security vulnerabilities.

Trust: 1.53

sources: NVD: CVE-2023-22637 // CNNVD: CNNVD-202305-193 // VULMON: CVE-2023-22637

AFFECTED PRODUCTS

vendor: fortinet // model: fortinac // scope: lt // version: 9.4.3

Trust: 1.0

vendor: fortinet // model: fortinac // scope: gte // version: 8.7.0

Trust: 1.0

vendor: fortinet // model: fortinac-f // scope: eq // version: 7.2.0

Trust: 1.0

sources: NVD: CVE-2023-22637

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-22637
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202305-193
value: CRITICAL

Trust: 0.6

NVD: CVE-2023-22637
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-22637 // CNNVD: CNNVD-202305-193

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2023-22637

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-193

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202305-193

CONFIGURATIONS

sources: NVD: CVE-2023-22637

PATCH

title: Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=236785

Trust: 0.6

sources: CNNVD: CNNVD-202305-193

EXTERNAL IDS

db: NVD // id: CVE-2023-22637

Trust: 1.7

db: AUSCERT // id: ESB-2023.2498

Trust: 0.6

db: CNNVD // id: CNNVD-202305-193

Trust: 0.6

db: VULMON // id: CVE-2023-22637

Trust: 0.1

sources: VULMON: CVE-2023-22637 // NVD: CVE-2023-22637 // CNNVD: CNNVD-202305-193

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-23-013

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2023-22637/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2023-22637

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2498

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-22637 // NVD: CVE-2023-22637 // CNNVD: CNNVD-202305-193

SOURCES

db: VULMON // id: CVE-2023-22637
db: NVD // id: CVE-2023-22637
db: CNNVD // id: CNNVD-202305-193

LAST UPDATE DATE

2023-05-10T22:02:45.820000+00:00


SOURCES UPDATE DATE

db: VULMON // id: CVE-2023-22637 // date: 2023-05-04T00:00:00
db: NVD // id: CVE-2023-22637 // date: 2023-05-09T20:45:00
db: CNNVD // id: CNNVD-202305-193 // date: 2023-05-10T00:00:00

SOURCES RELEASE DATE

db: VULMON // id: CVE-2023-22637 // date: 2023-05-03T00:00:00
db: NVD // id: CVE-2023-22637 // date: 2023-05-03T22:15:00
db: CNNVD // id: CNNVD-202305-193 // date: 2023-05-03T00:00:00