ID

VAR-202306-1251


CVE

CVE-2022-39946


TITLE

Fortinet FortiNAC Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202306-896

DESCRIPTION

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from an access control flaw. The following versions are affected: versions 9.4.2 and earlier, versions 9.2.7 and earlier, all versions 9.1, all versions 8.8, all versions 8.7, all versions 8.6, and all versions 8.5.

Trust: 1.44

sources: NVD: CVE-2022-39946 // CNNVD: CNNVD-202306-896

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: lte, version: 9.1.10

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.2.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.2.8

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.1

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.5.4

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.2

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.5.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.7.6

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.1.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.6.5

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.8.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.7.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.8.11

Trust: 1.0

sources: NVD: CVE-2022-39946

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-39946
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202306-896
value: HIGH

Trust: 0.6

NVD: CVE-2022-39946
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-39946 // CNNVD: CNNVD-202306-896

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2022-39946

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-896

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202306-896

CONFIGURATIONS

sources: NVD: CVE-2022-39946

EXTERNAL IDS

db: NVD, id: CVE-2022-39946

Trust: 1.6

db: CNNVD, id: CNNVD-202306-896

Trust: 0.6

sources: NVD: CVE-2022-39946 // CNNVD: CNNVD-202306-896

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-332

Trust: 1.6

url: https://cxsecurity.com/cveshow/cve-2022-39946/

Trust: 0.6

sources: NVD: CVE-2022-39946 // CNNVD: CNNVD-202306-896

SOURCES

db: NVD, id: CVE-2022-39946
db: CNNVD, id: CNNVD-202306-896

LAST UPDATE DATE

2023-06-19T22:37:26.978000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2022-39946, date: 2023-06-16T18:40:00
db: CNNVD, id: CNNVD-202306-896, date: 2023-06-19T00:00:00

SOURCES RELEASE DATE

db: NVD, id: CVE-2022-39946, date: 2023-06-13T09:15:00
db: CNNVD, id: CNNVD-202306-896, date: 2023-06-13T00:00:00