FortiNAC 9.4.09.4.1 Improper Auth Allow Unauth Admin Ops via HTTP POST
CVE-2022-38375 Published on February 16, 2023
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
Vulnerability Analysis
CVE-2022-38375 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2022-38375 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2022-38375
stack.watch emails you whenever new vulnerabilities are published in Fortinet Fortinac F or Fortinet Fortinac. Just hit a watch button to start following.
Affected Versions
Fortinet FortiNAC:- Version 9.4.0, <= 9.4.1 is affected.
- Version 9.2.0, <= 9.2.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.