
Rewterz Threat Advisory – Multiple Fortinet FortiNAC Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-39946 CVSS:7.6

Fortinet FortiNAC could allow a remote authenticated attacker to obtain sensitive information, caused by improper access control. By sending a specially crafted HTTP request that utilizes JSP calls, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.

CVE-2023-22633 CVSS:7.5

Fortinet FortiNAC is vulnerable to a denial of service, caused by an improper permissions, privileges, and access controls flaw. By sending a specially crafted request using client-secure renegotiation, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Impact

  • Information Disclosure
  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2022-39946
  • CVE-2023-22633

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiNAC 9.4.0
  • Fortinet FortiNAC 8.8
  • Fortinet FortiNAC 8.7
  • Fortinet FortiNAC 8.6
  • Fortinet FortiNAC 8.5
  • Fortinet FortiNAC 9.2
  • Fortinet FortiNAC 9.1
  • Fortinet FortiNAC 9.4.1
  • Fortinet FortiNAC 9.4.2
  • Fortinet FortiNAC 9.1.8
  • Fortinet FortiNAC 9.2.7
  • Fortinet FortiNAC 9.2.6

Remediation

Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.

CVE-2022-39946

CVE-2023-22633