ID

VAR-202305-0039


CVE

CVE-2022-43950


TITLE

Fortinet FortiNAC Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202305-190

DESCRIPTION

A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC contains an open redirect vulnerability.

Trust: 1.53

sources: NVD: CVE-2022-43950 // CNNVD: CNNVD-202305-190 // VULMON: CVE-2022-43950

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: gte, version: 8.7.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lt, version: 9.4.2

Trust: 1.0

vendor: fortinet, model: fortinac-f, scope: eq, version: 7.2.0

Trust: 1.0

sources: NVD: CVE-2022-43950

CVSS

SEVERITY

NVD: CVE-2022-43950
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202305-190
value: MEDIUM

Trust: 0.6

CVSSV3

NVD: CVE-2022-43950
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-43950 // CNNVD: CNNVD-202305-190

PROBLEMTYPE DATA

problemtype: CWE-601

Trust: 1.0

sources: NVD: CVE-2022-43950

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-190

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202305-190

CONFIGURATIONS

sources: NVD: CVE-2022-43950

PATCH

title: Fortinet FortiNAC fix for the input validation error vulnerability
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237180

Trust: 0.6

sources: CNNVD: CNNVD-202305-190

EXTERNAL IDS

db: NVD, id: CVE-2022-43950

Trust: 1.7

db: CNNVD, id: CNNVD-202305-190

Trust: 0.6

db: VULMON, id: CVE-2022-43950

Trust: 0.1

sources: VULMON: CVE-2022-43950 // NVD: CVE-2022-43950 // CNNVD: CNNVD-202305-190

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-407

Trust: 1.7

url: https://cxsecurity.com/cveshow/cve-2022-43950/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-43950 // NVD: CVE-2022-43950 // CNNVD: CNNVD-202305-190

SOURCES

db: VULMON, id: CVE-2022-43950
db: NVD, id: CVE-2022-43950
db: CNNVD, id: CNNVD-202305-190

LAST UPDATE DATE

2023-05-12T22:56:32.886000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-43950, date: 2023-05-04T00:00:00
db: NVD, id: CVE-2022-43950, date: 2023-05-11T17:51:00
db: CNNVD, id: CNNVD-202305-190, date: 2023-05-12T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-43950, date: 2023-05-03T00:00:00
db: NVD, id: CVE-2022-43950, date: 2023-05-03T22:15:00
db: CNNVD, id: CNNVD-202305-190, date: 2023-05-03T00:00:00