ID

VAR-202305-0225


CVE

CVE-2023-26203


TITLE

Fortinet FortiNAC Trust Management Issue Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202305-194

DESCRIPTION

A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.

Trust: 1.53

sources: NVD: CVE-2023-26203 // CNNVD: CNNVD-202305-194 // VULMON: CVE-2023-26203

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: gte, version: 8.7.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.2.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lt, version: 9.4.3

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.4.0

Trust: 1.0

vendor: fortinet, model: fortinac-f, scope: eq, version: 7.2.0

Trust: 1.0

sources: NVD: CVE-2023-26203

CVSS

SEVERITY

NVD: CVE-2023-26203
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202305-194
value: HIGH

Trust: 0.6

CVSSV2

CVSSV3

NVD: CVE-2023-26203
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-26203 // CNNVD: CNNVD-202305-194

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

sources: NVD: CVE-2023-26203

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202305-194

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202305-194

CONFIGURATIONS

sources: NVD: CVE-2023-26203

PATCH

title: Fortinet FortiNAC Repair measures for trust management problem vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=236981

Trust: 0.6

sources: CNNVD: CNNVD-202305-194

EXTERNAL IDS

db: NVD, id: CVE-2023-26203

Trust: 1.7

db: CNNVD, id: CNNVD-202305-194

Trust: 0.6

db: VULMON, id: CVE-2023-26203

Trust: 0.1

sources: VULMON: CVE-2023-26203 // NVD: CVE-2023-26203 // CNNVD: CNNVD-202305-194

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-520

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2023-26203/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-26203 // NVD: CVE-2023-26203 // CNNVD: CNNVD-202305-194

SOURCES

db: VULMON, id: CVE-2023-26203
db: NVD, id: CVE-2023-26203
db: CNNVD, id: CNNVD-202305-194

LAST UPDATE DATE

2023-05-11T22:51:38.714000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-26203, date: 2023-05-04T00:00:00
db: NVD, id: CVE-2023-26203, date: 2023-05-10T20:44:00
db: CNNVD, id: CNNVD-202305-194, date: 2023-05-11T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-26203, date: 2023-05-03T00:00:00
db: NVD, id: CVE-2023-26203, date: 2023-05-03T22:15:00
db: CNNVD, id: CNNVD-202305-194, date: 2023-05-03T00:00:00