Fortinet Fortinac F
By the Year
In 2026 there have been 0 vulnerabilities in Fortinet Fortinac F. Last year, in 2025, Fortinac F had 1 security vulnerability published. Right now, Fortinac F is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 4.80 |
| 2024 | 0 | 0.00 |
| 2023 | 10 | 7.47 |
It may take a day or so for new Fortinac F vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Fortinet Fortinac F Security Vulnerabilities
FortiNAC-F <=7.2.4 Improper Cert Validation (MITM)
CVE-2023-48785
4.8 - Medium
- March 14, 2025
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.
Improper Certificate Validation
FortiNAC-F 7.2.0/9.x DoS via Unauth Client Secure Renegotiation (CWE-264)
CVE-2023-22633
7.5 - High
- June 13, 2023
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.
XSS in FortiNAC-F 7.2.0 License Mgmt allows RCE for auth users
CVE-2023-22637
9 - Critical
- May 03, 2023
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
XSS
FortiNAC-F 7.2.0 hard-coded credentials allow DB shell access
CVE-2023-26203
7.8 - High
- May 03, 2023
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands.
Use of Hard-coded Credentials
Weak Auth FortiNAC-F v7.2.0 & <=9.4.2: Unauth Pass Spraying via Reg Page
CVE-2022-45860
7.5 - High
- May 03, 2023
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
Authentication
FortiNAC-F 7.2.0 & prior: Local Auth Can Retrieve User Passwords (CWE-522)
CVE-2022-45859
4.4 - Medium
- May 03, 2023
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
Insufficiently Protected Credentials
FortiNAC Open Redirect (CWE-601) via crafted URL in v7.2.0 & below
CVE-2022-43950
4.7 - Medium
- May 03, 2023
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
Open Redirect
FortiNAC HTTP API Info Disclosure <=9.4.1 (CWE-200)
CVE-2022-43951
7.5 - High
- April 11, 2023
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.
Fortinet FortiNAC Crypto Decrypt/Forge (9.4-9.2-9.1 series)
CVE-2022-40675
7.4 - High
- February 16, 2023
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.
FortiNAC 9.4.0-9.4.1 Improper Auth Allow Unauth Admin Ops via HTTP POST
CVE-2022-38375
9.8 - Critical
- February 16, 2023
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
FortiNAC 8.3-9.4 XXE Allows File Read/DoS
CVE-2022-39954
9.1 - Critical
- February 16, 2023
An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
XXE