Fortiguard

FortiNAC : Wrong use of cryptographic primitives

Summary

A wrong use of cryptographic primitives vulnerability (CWE-310) may allow an attacker to compromise FortiNAC's confidentiality and integrity via deciphering some traffic and/or forging specific packets.

Affected Products

FortiNAC version 9.4.0 through 9.4.1
FortiNAC 9.2 all versions
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions
FortiNAC 8.3 all versions

Solutions

Please upgrade to FortiNAC version 9.4.2 or above
Please upgrade to FortiNAC version 7.2.0 or above

Acknowledgement

Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.

IR Number	FG-IR-22-312
Date	Feb 16, 2023
Severity	Medium
CVSSv3 Score	6
Impact	Information disclosure
CVE ID	CVE-2022-40675
CVRF	Download

Network

Files and Endpoint

Application

Additional SOC Services

PSIRT Advisories

FortiNAC : Wrong use of cryptographic primitives

Summary

Affected Products

Solutions

Acknowledgement

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

PSIRT Advisories

FortiNAC : Wrong use of cryptographic primitives

Summary

Affected Products

Solutions

Acknowledgement