ID

VAR-202305-0103


CVE

CVE-2022-45860


TITLE

Fortinet FortiNAC Authorization problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202305-192

DESCRIPTION

A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions, in the device registration page, may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. The flaw stems from weak authentication in the device registration page.

Trust: 1.53

sources: NVD: CVE-2022-45860 // CNNVD: CNNVD-202305-192 // VULMON: CVE-2022-45860

AFFECTED PRODUCTS

vendor: fortinet // model: fortinac // scope: gte // version: 9.4.0

Trust: 1.0

vendor: fortinet // model: fortinac // scope: lte // version: 9.2.6

Trust: 1.0

vendor: fortinet // model: fortinac // scope: lt // version: 9.4.2

Trust: 1.0

vendor: fortinet // model: fortinac // scope: gte // version: 8.7.0

Trust: 1.0

vendor: fortinet // model: fortinac-f // scope: eq // version: 7.2.0

Trust: 1.0

sources: NVD: CVE-2022-45860

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-45860
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202305-192
value: HIGH

Trust: 0.6

NVD: CVE-2022-45860
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-45860 // CNNVD: CNNVD-202305-192

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.0

sources: NVD: CVE-2022-45860

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-192

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202305-192

CONFIGURATIONS

sources: NVD: CVE-2022-45860

PATCH

title: Fortinet FortiNAC Remediation measures for authorization problem vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237181

Trust: 0.6

sources: CNNVD: CNNVD-202305-192

EXTERNAL IDS

db: NVD // id: CVE-2022-45860

Trust: 1.7

db: CNNVD // id: CNNVD-202305-192

Trust: 0.6

db: VULMON // id: CVE-2022-45860

Trust: 0.1

sources: VULMON: CVE-2022-45860 // NVD: CVE-2022-45860 // CNNVD: CNNVD-202305-192

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-464

Trust: 1.7

url: https://cxsecurity.com/cveshow/cve-2022-45860/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-45860 // NVD: CVE-2022-45860 // CNNVD: CNNVD-202305-192

SOURCES

db: VULMON // id: CVE-2022-45860
db: NVD // id: CVE-2022-45860
db: CNNVD // id: CNNVD-202305-192

LAST UPDATE DATE

2023-05-12T22:47:38.454000+00:00


SOURCES UPDATE DATE

db: VULMON // id: CVE-2022-45860 // date: 2023-05-04T00:00:00
db: NVD // id: CVE-2022-45860 // date: 2023-05-11T17:48:00
db: CNNVD // id: CNNVD-202305-192 // date: 2023-05-12T00:00:00

SOURCES RELEASE DATE

db: VULMON // id: CVE-2022-45860 // date: 2023-05-03T00:00:00
db: NVD // id: CVE-2022-45860 // date: 2023-05-03T22:15:00
db: CNNVD // id: CNNVD-202305-192 // date: 2023-05-03T00:00:00