Rewterz Threat Advisory – Multiple Fortinet FortiADC and FortiADC Manager Vulnerabilities
June 13, 2023
Rewterz Threat Advisory – Multiple Fortinet FortiSIEM Vulnerabilities
June 13, 2023
Severity
High
Analysis Summary
CVE-2022-39946 CVSS:7.6
Fortinet FortiNAC could allow a remote authenticated attacker to obtain sensitive information, caused by improper access control. By sending a specially crafted HTTP request that utilizes JSP calls, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.
CVE-2023-22633 CVSS:7.5
Fortinet FortiNAC is vulnerable to a denial of service, caused by an improper permissions, privileges, and access controls flaw. By sending a specially crafted request using client-secure renegotiation, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Information Disclosure
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-39946
- CVE-2023-22633
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiNAC 9.4.0
- Fortinet FortiNAC 8.8
- Fortinet FortiNAC 8.7
- Fortinet FortiNAC 8.6
- Fortinet FortiNAC 8.5
- Fortinet FortiNAC 9.2
- Fortinet FortiNAC 9.1
- Fortinet FortiNAC 9.4.1
- Fortinet FortiNAC 9.4.2
- Fortinet FortiNAC 9.1.8
- Fortinet FortiNAC 9.2.7
- Fortinet FortiNAC 9.2.6
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.